CVE-2025-6320: SQL Injection in PHPGurukul Pre-School Enrollment System
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-6320 is a SQL Injection vulnerability identified in version 1.0 of the PHPGurukul Pre-School Enrollment System, specifically within the /admin/add-class.php file. The vulnerability arises from improper sanitization or validation of the 'classname' parameter, which is directly used in SQL queries. This flaw allows an unauthenticated remote attacker to inject malicious SQL code by manipulating the 'classname' argument, potentially leading to unauthorized access to the backend database. The attack vector requires no user interaction and can be executed over the network without prior authentication, increasing the risk of exploitation. Although the CVSS 4.0 base score is 5.3 (medium severity), the vulnerability's critical classification by the vendor suggests that the impact could be significant if exploited in certain contexts. The vulnerability affects only version 1.0 of the product, and no official patches or fixes have been published yet. No known exploits are currently reported in the wild, but the exploit details have been publicly disclosed, which may facilitate future attacks. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as indicated by the CVSS vector, with low to medium impact on each security property. The scope is limited to the affected system, and no privilege escalation or scope change is indicated. The vulnerability is exploitable remotely without authentication or user interaction, which increases its risk profile despite the medium CVSS score.
Potential Impact
For European organizations using the PHPGurukul Pre-School Enrollment System version 1.0, this vulnerability poses a risk of unauthorized database access, which could lead to leakage or manipulation of sensitive enrollment data, including personal information of children and parents. This could result in privacy violations under GDPR, reputational damage, and potential regulatory penalties. The SQL injection could also be leveraged to modify or delete enrollment records, disrupting school administrative operations and availability of services. Although the product targets pre-school enrollment, educational institutions and related administrative bodies in Europe that rely on this system could face operational disruptions. The medium CVSS score suggests moderate risk; however, the critical classification and public exploit disclosure increase the urgency for mitigation. The impact is more pronounced in organizations that have not implemented compensating controls such as web application firewalls or input validation layers. Since the vulnerability allows remote exploitation without authentication, attackers could automate attacks at scale, potentially affecting multiple institutions across Europe.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the /admin/add-class.php endpoint to trusted IP addresses or VPNs to reduce exposure.
2. Implement web application firewalls (WAF) with rules specifically designed to detect and block SQL injection attempts targeting the 'classname' parameter.
3. Apply rigorous input validation and sanitization on all user-supplied data, especially the 'classname' parameter, using parameterized queries or prepared statements to prevent SQL injection.
4. If possible, upgrade or patch the PHPGurukul Pre-School Enrollment System to a version that addresses this vulnerability once available.
5. Conduct a thorough audit of database logs and application logs to detect any signs of exploitation attempts.
6. Educate administrative users about the risk and encourage monitoring for unusual activity.
7. As a longer-term measure, consider migrating to more secure and actively maintained enrollment management systems with robust security practices.
8. Regularly back up enrollment data and verify backup integrity to enable recovery in case of data tampering or loss.
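As an added illustration of recommendation 3 (not PHPGurukul's own code, which is not reproduced here), the following shows the string-concatenation pattern behind this class of bug next to a prepared-statement version of an add-class handler. The table name tblclass, the column ClassName, the connection details and the admin session check are assumptions.

```php
<?php
// Added example, not the project's code. Table/column names, connection
// details and the session key are placeholders chosen for illustration.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface DB errors as exceptions
$con = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$con->set_charset('utf8mb4');

// Vulnerable pattern (shown for contrast only): the request value becomes part
// of the SQL text, so a quote character in classname alters the query structure.
function addClassUnsafe(mysqli $con, string $classname): bool
{
    $sql = "INSERT INTO tblclass (ClassName) VALUES ('$classname')";
    return $con->query($sql) !== false;
}

// Hardened pattern: the statement is parsed with a placeholder first and the
// value is bound afterwards, so it is only ever treated as data.
function addClassSafe(mysqli $con, string $classname): bool
{
    // Allow-list validation on top of binding (defence in depth): letters,
    // digits, space, dot and hyphen, 1 to 50 characters.
    if (!preg_match('/^[A-Za-z0-9 .\-]{1,50}$/', $classname)) {
        return false;
    }
    $stmt = $con->prepare('INSERT INTO tblclass (ClassName) VALUES (?)');
    $stmt->bind_param('s', $classname);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Reject the request unless an admin session exists (assumed session key).
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $classname = $_POST['classname'] ?? '';
    echo addClassSafe($con, $classname) ? 'Class added' : 'Invalid class name';
}
```

When reviewing the affected file, any query built the way addClassUnsafe builds it is the pattern to replace with the bound form.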
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-19T10:02:39.554Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68551ffc7ff74dad36a1fbca
Added to database: 6/20/2025, 8:46:52 AM
Last enriched: 6/20/2025, 9:02:26 AM
Last updated: 8/14/2025, 5:08:54 AM