CVE-2025-28011
Essential information
- Published
- 13/03/2025 17:15
- Modified
- 13/03/2025 17:15
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| phpgurukul / user registration and login | cpe:2.3:a:phpgurukul:user_registration_and_login:3.3:*:*:*:*:*:*:* |