Login Sign Up

CVE-2025-2472

7.3 HIGH
SQL Injection Authentication Bypass

📋 TL;DR

This critical SQL injection vulnerability in PHPGurukul Apartment Visitors Management System 1.0 allows attackers to execute arbitrary SQL commands through the username parameter on the sign-in page. Attackers can potentially access, modify, or delete database contents remotely. All users running version 1.0 of this software are affected.

💻 Affected Systems

Products:
  • PHPGurukul Apartment Visitors Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /index.php file in the Sign In component. Requires PHP environment with database connectivity.

📦 What is this software?

Apartment Visitors Management System by Phpgurukul

View all CVEs affecting Apartment Visitors Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution if database permissions allow.

🟠

Likely Case

Unauthorized data access, privilege escalation, and potential system takeover through SQL injection leading to admin credential extraction.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issue. Attack can be launched remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://phpgurukul.com/

Restart Required: No

Instructions:

No official patch available. Consider implementing input validation and parameterized queries manually or migrating to alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation for username parameter to reject SQL special characters

Web Application Firewall Rules

all

Deploy WAF rules to block SQL injection patterns targeting the sign-in endpoint

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement network segmentation and strict access controls to limit potential damage

🔍 How to Verify

Check if Vulnerable:

Test the sign-in page with SQL injection payloads in username field (e.g., ' OR '1'='1)

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and proper error handling is in place

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with SQL syntax in username field
  • Unusual database query patterns from web server

Network Indicators:

  • HTTP POST requests to /index.php containing SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/index.php" AND (username CONTAINS "' OR" OR username CONTAINS "UNION" OR username CONTAINS "SELECT")

📊 Metadata

CVE ID: CVE-2025-2472
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.12% exploit probability (31.3th percentile)
Published: March 18, 2025
Last Updated: May 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-2472, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)