CVE-2025-2647

CVSS 7.3 (HIGH)

📋 TL;DR

This SQL injection vulnerability (CVSS 7.3, High) in PHPGurukul Art Gallery Management System 1.0 lets an unauthenticated remote attacker inject SQL through the Search parameter of search.php. Because the parameter is built into the query as text rather than bound as a value, a successful exploit can read, modify or delete database content. Every installation of version 1.0 is affected.

💻 Affected Systems

Products:
  • PHPGurukul Art Gallery Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the shipped search.php code, so every installation of version 1.0 is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: theft or destruction of data, authentication bypass, and, where the database account holds file-write privileges (for example MySQL FILE) and can write under the web root, remote code execution by dropping a web shell through the database.

🟠 Likely Case

Unauthorised read access to the database, extraction of sensitive records such as credential hashes, and privilege escalation within the application.

🟢 If Mitigated

With the query rewritten as a prepared statement the flaw is closed. With only a least-privilege database account or a WAF in place, residual exposure is limited to error messages or read-only disclosure of the tables that account can see.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available. Attack requires no authentication and is relatively simple to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No vendor patch is available. Either fix the query in search.php yourself (see Temporary Workarounds) or take the application offline, and check the vendor's site for a newer release that addresses the issue.

🔧 Temporary Workarounds

Input Validation and Sanitization

Rewrite the database query in search.php as a prepared statement with the Search value bound as a parameter, so it is passed to the database as data rather than spliced into the SQL string. Input validation (length limit, allowed character set) is defence in depth on top of that, not a substitute for it.
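As an added illustration, not code from this page or from PHPGurukul, the following Python script reproduces both query styles against an in-memory SQLite database: the string-concatenated search that the advisory describes and the parameterised replacement. It runs the advisory's ' OR '1'='1 payload and a UNION payload against each. The table and column names (tblart, tbladmin) and every row are constructed for the demo and are not the application's real schema.

```python
import sqlite3

# Constructed demo data: a stand-in for the gallery database. Table and column
# names (tblart, tbladmin) and every row are made up for this example; they are
# not PHPGurukul's real schema.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE tblart  (id INTEGER PRIMARY KEY, name TEXT, artist TEXT);
        CREATE TABLE tbladmin(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO tblart  (name, artist) VALUES ('Sunrise', 'A. Painter'),
                                                   ('Harbour', 'B. Sketch');
        INSERT INTO tbladmin(username, password) VALUES ('admin', 'constructed-hash-value');
        """
    )
    return con


def vulnerable_sql(search):
    # The pattern the advisory describes: the Search value is spliced into the SQL
    # text, so a quote in it ends the string literal and the rest is parsed as SQL.
    return "SELECT name, artist FROM tblart WHERE name LIKE '%" + search + "%'"


def search_vulnerable(con, search):
    return con.execute(vulnerable_sql(search)).fetchall()


def search_fixed(con, search):
    # Prepared statement with a bound parameter: the SQL text is fixed and the value
    # travels separately, so quotes, UNION and comments inside it are plain data.
    sql = "SELECT name, artist FROM tblart WHERE name LIKE ?"
    return con.execute(sql, ("%" + search + "%",)).fetchall()


# The advisory's verification payload, plus a UNION payload that reads another table.
# The trailing "WHERE '' LIKE '" absorbs the %' that the query appends, so no
# comment syntax is needed and the payload does not depend on the database engine.
TAUTOLOGY = "' OR '1'='1"
UNION = "' UNION SELECT username, password FROM tbladmin WHERE '' LIKE '"


def demo():
    con = make_db()
    return {
        "benign_vulnerable": search_vulnerable(con, "Sun"),
        "benign_fixed": search_fixed(con, "Sun"),
        "tautology_vulnerable": search_vulnerable(con, TAUTOLOGY),  # every row
        "tautology_fixed": search_fixed(con, TAUTOLOGY),            # []
        "union_vulnerable": search_vulnerable(con, UNION),          # art rows + admin credentials
        "union_fixed": search_fixed(con, UNION),                    # []
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:22} {rows}")
```

The same change in search.php means replacing the interpolated query with a mysqli or PDO prepared statement and binding the Search value, in the shape of `$stmt = $pdo->prepare("SELECT ... WHERE <column> LIKE ?"); $stmt->execute(['%' . $search . '%']);` (column name hypothetical). The fixed version returns an empty result for both payloads because no artwork name contains those literal strings; the vulnerable version returns every row for the first and the admin credentials for the second.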

Web Application Firewall (WAF)

Put /search.php behind a WAF with SQL-injection rules (for example the OWASP ModSecurity Core Rule Set) and make sure they inspect the Search parameter in POST bodies, not just the URL. Treat this as a stop-gap: signature rules can be bypassed and do not remove the flaw from search.php.

🧯 If You Can't Patch

  • Restrict access to search.php by IP allow-list or by requiring authentication in front of it
  • Run the application with a database account that has only SELECT on the tables it needs; that confines an injection to data disclosure and rules out writes and file operations

🔍 How to Verify

Check if Vulnerable:

With authorisation, submit a Search value such as ' OR '1'='1 to search.php. A vulnerable install returns every record (or a database error) instead of the empty result a literal search for that string would give; a fixed install treats the string as plain text and returns nothing.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Repeat the same payloads after the change: the results must match those of a search for a harmless literal, and the web server and database logs must show no SQL errors

📡 Detection & Monitoring

Log Indicators:

  • SQL statements in database query logs containing UNION SELECT, comment sequences (--, #, /*) or tautologies such as '1'='1'
  • Multiple failed search attempts with special characters
  • Database error messages containing SQL syntax

Network Indicators:

  • HTTP POST requests to /search.php whose Search field carries SQL keywords or quote and comment sequences (request bodies are visible only in WAF, reverse-proxy or application logs, not in standard access logs)
  • Unusual parameter values in search requests

SIEM Query:

source="web_logs" AND uri="/search.php" AND (
    param="Search" MATCHES "(?i)\bunion\b\s+(all\s+)?select\b"
 OR param="Search" MATCHES "(?i)'\s*(or|and)\s+"
 OR param="Search" CONTAINS "--"
)

URL-decode the parameter before matching, and match on whole words with a preceding quote rather than a bare substring: CONTAINS "OR" fires on ordinary searches such as "color" or "portrait".
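As an added example, not from this page or the product, here is the detection logic above applied in Python to a few constructed JSON log records of the kind a WAF or reverse proxy emits when it logs request bodies. It shows why a bare substring match on OR is noisy: the naive rule flags the ordinary searches "color" and "Portrait", while the word-boundary rule flags only the two injection attempts. The field names uri and Search mirror the SIEM query; the records and IP addresses are made up.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed log records (JSON lines), modelled on what a WAF or reverse proxy that
# logs POST bodies would emit. Addresses and values are made up for this example.
SAMPLE_LOGS = """
{"src": "198.51.100.7", "method": "POST", "uri": "/search.php", "Search": "color"}
{"src": "198.51.100.7", "method": "POST", "uri": "/search.php", "Search": "Portrait"}
{"src": "203.0.113.9", "method": "POST", "uri": "/search.php", "Search": "' OR '1'='1"}
{"src": "203.0.113.9", "method": "POST", "uri": "/search.php", "Search": "%27+UNION+SELECT+username%2Cpassword+FROM+tbladmin--"}
{"src": "203.0.113.9", "method": "GET", "uri": "/about.php", "Search": "union select"}
""".strip().splitlines()

# Word-boundary and context-aware patterns: none of these fire on "color" or "Portrait".
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),          # UNION [ALL] SELECT
    re.compile(r"'\s*(?:or|and)\s+\S+\s*(?:=|like)\s*\S+", re.I),  # ' OR '1'='1, ' or 1=1
    re.compile(r"(?:--|#|/\*)\s*$"),                               # comment swallowing the rest
    re.compile(r";\s*(?:drop|insert|update|delete)\b", re.I),      # stacked statement
]


def naive_rule(value):
    # The SIEM rule as a plain substring match on UNION, SELECT or OR.
    upper = value.upper()
    return any(k in upper for k in ("UNION", "SELECT", "OR"))


def sqli_rule(value):
    return any(p.search(value) for p in SQLI_PATTERNS)


def flag_sqli(lines, rule):
    """Return the decoded Search values of /search.php requests that `rule` flags."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("uri") != "/search.php":
            continue
        # Decode before matching so %27+UNION... is inspected as ' UNION...
        value = unquote_plus(rec.get("Search", ""))
        if rule(value):
            hits.append(value)
    return hits


if __name__ == "__main__":
    print("naive :", flag_sqli(SAMPLE_LOGS, naive_rule))
    print("strict:", flag_sqli(SAMPLE_LOGS, sqli_rule))
```

The scope check on uri keeps the rule tied to the vulnerable endpoint, as the SIEM query does; widen it if other pages of the application take user-controlled query input.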
