CVE-2025-3220

CWE-74CWE-89SQL InjectionCWE-476NULL Pointer DereferenceCWE-4265 documents4 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 57.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul E-diary Management System
Timeline
PublishedApr 4

Description

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
PHPGurukul e-Diary Management System dashboard.php sql injection2025-04-04
GHSA
GHSA-r5q5-p828-45hr: A vulnerability was found in PHPGurukul e-Diary Management System 12025-04-04

📋Vendor Advisories

2
Microsoft
Default mimetype known files writeable on Windows2025-02-11
Microsoft
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Poin2023-06-13
CVE-2025-3220 (MEDIUM CVSS 6.9) | A vulnerability was found in PHPGur | cvebase.io