CVE-2025-4265

CWE-74CWE-89SQL InjectionCWE-863Incorrect Authorization5 documents5 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 56.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Emergency Ambulance Hiring Portal
Timeline
PublishedMay 5
Latest updateMar 16

Description

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
Mattermost fails to validate team-specific upload_file permissions2026-03-16
GHSA
GHSA-4g8w-3jcp-gh68: A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 12025-05-05
CVEList
PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection2025-05-05
CVE-2025-4265 (MEDIUM CVSS 6.9) | A vulnerability classified as criti | cvebase.io