A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /users/profile.php. The manipulation of the argument firstname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7481 is a SQL Injection vulnerability identified in version 1.13 of the PHPGurukul Vehicle Parking Management System. The vulnerability resides in the /users/profile.php file, specifically involving the 'firstname' parameter, which is susceptible to malicious input manipulation. This flaw allows an unauthenticated remote attacker to inject arbitrary SQL commands into the backend database queries. The injection occurs due to insufficient input validation or sanitization of the 'firstname' parameter, potentially enabling attackers to read, modify, or delete data within the database. Although the exact extent of affected parameters beyond 'firstname' is not fully known, the disclosure suggests other inputs might also be vulnerable. The vulnerability has been publicly disclosed, but no known exploits are currently observed in the wild. The CVSS 4.0 base score is 5.3, indicating a medium severity level, with attack vector being network-based, no user interaction required, and no privileges needed. The impact on confidentiality, integrity, and availability is limited but present, as the vulnerability could allow partial data leakage or unauthorized data manipulation. The vulnerability does not require authentication, increasing its risk profile. However, the lack of known active exploitation and limited scope of impact reduces the immediate criticality. The absence of official patches or mitigation guidance from the vendor at this time increases the risk for organizations using this system.

CVE Database V5

Detailed information about CVE-2025-7481: SQL Injection in PHPGurukul Vehicle Parking Management System affecting PHPGurukul Vehicle Parking Management System. 

CVE-2025-7481: SQL Injection in PHPGurukul Vehicle Parking Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7481: SQL Injection in PHPGurukul Vehicle Parking Management System

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the file /users/signup.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7480 is a SQL Injection vulnerability identified in version 1.13 of the PHPGurukul Vehicle Parking Management System, specifically within the /users/signup.php file. The vulnerability arises from improper sanitization or validation of the 'email' parameter, which is directly used in SQL queries. This flaw allows an unauthenticated remote attacker to inject malicious SQL code by manipulating the 'email' argument during the signup process. Exploiting this vulnerability could enable attackers to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data access, data modification, or even complete compromise of the database server. The vulnerability is classified with a CVSS 4.0 base score of 6.9, indicating a medium severity level. The attack vector is network-based (remote), requires no privileges or user interaction, and the impact affects confidentiality, integrity, and availability to a limited extent. Although no public exploits are currently known to be actively used in the wild, the disclosure of the vulnerability and its details increases the risk of exploitation. The lack of available patches or mitigations from the vendor at this time further elevates the threat. Given the nature of the affected system—a vehicle parking management platform—successful exploitation could disrupt parking operations, expose sensitive user data such as registration details, and potentially facilitate further attacks within the organizational network if the database contains broader credentials or access information.

Detailed information about CVE-2025-7480: SQL Injection in PHPGurukul Vehicle Parking Management System affecting PHPGurukul Vehicle Parking Management System. 

CVE-2025-7480: SQL Injection in PHPGurukul Vehicle Parking Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7480: SQL Injection in PHPGurukul Vehicle Parking Management System

A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/view--detail.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7479 is a SQL Injection vulnerability identified in version 1.13 of the PHPGurukul Vehicle Parking Management System, specifically within the /users/view--detail.php file. The vulnerability arises from improper sanitization or validation of the 'viewid' parameter, which is susceptible to malicious input manipulation. An attacker can exploit this flaw remotely without requiring authentication or user interaction, by crafting specially designed requests to the affected parameter. Successful exploitation allows the attacker to inject arbitrary SQL commands into the backend database queries. This can lead to unauthorized data access, data modification, or potentially full compromise of the underlying database. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been reported in the wild yet. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, but limited impact on confidentiality, integrity, and availability. The vulnerability does not affect system components beyond the database scope and does not involve system-level code execution or privilege escalation. However, given the critical nature of parking management systems in operational environments, the risk to business continuity and data privacy is non-negligible.

Detailed information about CVE-2025-7479: SQL Injection in PHPGurukul Vehicle Parking Management System affecting PHPGurukul Vehicle Parking Management System. 

CVE-2025-7479: SQL Injection in PHPGurukul Vehicle Parking Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7479: SQL Injection in PHPGurukul Vehicle Parking Management System

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. Affected is an unknown function of the file /admin/category-list.php. The manipulation of the argument idCate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7478 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Modern Bag application. The flaw exists in an unspecified function within the /admin/category-list.php file, where the idCate parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This vulnerability can be exploited remotely without requiring any authentication or user interaction, making it highly accessible to attackers. The injection can lead to unauthorized access, data leakage, data manipulation, or even complete compromise of the backend database. The CVSS 4.0 score is 6.9, indicating a medium severity level, primarily due to limited impact on confidentiality, integrity, and availability (each rated low), but with a low attack complexity and no privileges or user interaction required. Although no known exploits are currently observed in the wild, the public disclosure of the exploit increases the risk of exploitation. The vulnerability affects only version 1.0 of Modern Bag, a product by code-projects, and no official patches have been released yet. The lack of CWE classification and detailed technical specifics limits deeper analysis, but the nature of SQL injection vulnerabilities is well understood and typically allows attackers to execute arbitrary SQL commands against the database backend, potentially leading to data breaches or system compromise.

Detailed information about CVE-2025-7478: SQL Injection in code-projects Modern Bag affecting code-projects Modern Bag. Get real-time updates, technical details

CVE-2025-7478: SQL Injection in code-projects Modern Bag - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7478: SQL Injection in code-projects Modern Bag

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. This vulnerability affects unknown code of the file /users/print.php. The manipulation of the argument vid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7482: SQL Injection in PHPGurukul Vehicle Parking Management System affecting PHPGurukul Vehicle Parking Management System. 

CVE-2025-7482: SQL Injection in PHPGurukul Vehicle Parking Management System

CVE-2025-7482: SQL Injection in PHPGurukul Vehicle Parking Management System

Description

Technical Details

Related Threats

CVE-2025-7481: SQL Injection in PHPGurukul Vehicle Parking Management System

CVE-2025-7480: SQL Injection in PHPGurukul Vehicle Parking Management System

CVE-2025-7479: SQL Injection in PHPGurukul Vehicle Parking Management System

CVE-2025-7478: SQL Injection in code-projects Modern Bag

CVE-2025-7477: Unrestricted Upload in code-projects Simple Car Rental System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility