Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-2473 — Injection in Company Visitor Management System

CWE-74 — Injection CWE-89 — SQL Injection CWE-348 — Use of Less Trusted Source5 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

9.7%

top 7.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpgurukul Company Visitor Management System

Timeline

PublishedMar 18

Description

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Sign In. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5phpgurukul/company_visitor_management_system2.0

▶NVDphpgurukul/company_visitor_management_system2.0

🔴Vulnerability Details

CVEList

PHPGurukul Company Visitor Management System Sign In index.php sql injection↗2025-03-18

▶

GHSA

GHSA-6cq7-qpq2-9r7r: A vulnerability was found in PHPGurukul Company Visitor Management System 2↗2025-03-18

▶

💥Exploits & PoCs

Nuclei

Company Visitor Management System 1.0 - SQL Injection

▶

📋Vendor Advisories

Red Hat

networkmanager: 4in6 and 6in6 protocols excessive trust↗2025-01-14

▶