AI description
CVE-2025-1580 refers to a SQL injection vulnerability found in the PHPGurukul Nipah Virus Testing Management System version 1.0. The vulnerability exists within the `/search-report-result.php` file and is due to improper handling of the `searchdata` argument. Exploitation of this vulnerability allows attackers to inject malicious SQL code, potentially granting them unauthorized access to the system's database. The attack can be carried out remotely. This vulnerability is related to CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). This means that the application doesn't correctly sanitize user-supplied input before incorporating it into SQL queries, leaving it open to manipulation by attackers.
- Description
- A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- cna@vuldb.com
- CWE-74
- Hype score
- Not currently trending
CVE-2025-1580 02/23/2025 10:15:09 AM BaseSeverity: MEDIUM A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-r... https://t.co/MnpCf4ClTm
@CVETracker
23 Feb 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1580 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /sear… https://t.co/uEAwditSoc
@CVEnew
23 Feb 2025
787 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes