CVE-2025-4264

CWE-74 CWE-89 — SQL Injection4 documents4 sources

Severity

6.9MEDIUM

EPSS

0.2%

top 56.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Emergency Ambulance Hiring Portal

Timeline

PublishedMay 5

Latest updateJul 9

Description

A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5phpgurukul/emergency_ambulance_hiring_portal1.0

▶NVDphpgurukul/emergency_ambulance_hiring_portal1.0

🔴Vulnerability Details

CVEList

PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection↗2025-05-05

▶

GHSA

GHSA-4hcm-q3r5-74c4: A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1↗2025-05-05

▶

📋Vendor Advisories

Red Hat

kernel: riscv: save the SR_SUM status over switches↗2025-07-09

▶