CVE-2025-4812

Severity: 7.3 HIGH

📋 TL;DR

This high-severity SQL injection vulnerability in PHPGurukul Human Metapneumovirus Testing Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mobilenumber parameter of profile.php. Organizations running this healthcare management software are affected; sensitive patient testing data may be exposed.

💻 Affected Systems

Products:
  • PHPGurukul Human Metapneumovirus Testing Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web application component accessible via HTTP/HTTPS. Requires PHP environment with database backend.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to theft of all patient testing records, authentication bypass, remote code execution, and system takeover.

🟠 Likely Case: Unauthorized access to patient testing data, manipulation of test results, and potential data exfiltration.

🟢 If Mitigated: Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. SQL injection via mobilenumber parameter requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://phpgurukul.com/

Restart Required: No

Instructions:

No official patch is available. Implement input validation and parameterized (prepared) queries in profile.php.

🔧 Temporary Workarounds

Input Validation Filter

Add server-side validation to only accept numeric values for mobilenumber parameter

Edit profile.php to add: if(!is_numeric($_POST['mobilenumber'])) { die('Invalid input'); }
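The following is an added example, not PHPGurukul's code, of how the two recommendations above (server-side validation and parameterized queries) fit together in a profile.php update handler. The table name tbluser, the columns ID and MobileNumber, the session key userid and the database credentials are assumptions. It tightens the validation slightly: ctype_digit() only accepts a string of digits, whereas is_numeric() also accepts values such as "1e5", "-7", "7.5" and leading whitespace. The prepared statement is what actually closes the injection; the validation enforces the business format and rejects bad input before any SQL runs.

```php
<?php
// Added example, not PHPGurukul's code: a hardened version of the mobilenumber
// update in profile.php, combining the advisory's validation idea with a
// prepared statement. Table name, column names, session key and DSN are assumptions.
declare(strict_types=1);

/**
 * Accept only a plain string of digits of plausible length (E.164 allows at most 15).
 * ctype_digit() is stricter than is_numeric(), which also accepts "1e5", "-7", "7.5"
 * and leading whitespace; none of those break out of a quoted SQL string, but none
 * are mobile numbers either.
 */
function validateMobileNumber(string $input): ?string
{
    $input = trim($input);
    if ($input === '' || !ctype_digit($input)) {
        return null;
    }
    $len = strlen($input);
    return ($len >= 10 && $len <= 15) ? $input : null;
}

/**
 * Connection with server-side (non-emulated) prepared statements and exceptions
 * on error, so failures surface in the server log rather than as SQL error text
 * in the page. Credentials are placeholders.
 */
function connectDb(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=HMTMS_DB_PLACEHOLDER;charset=utf8mb4',
        'DB_USER_PLACEHOLDER',
        'DB_PASSWORD_PLACEHOLDER',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

/**
 * Vulnerable pattern this replaces (do not use): the value is spliced into the SQL
 * text, so a quote in mobilenumber changes the statement structure:
 *   $sql = "UPDATE tbluser SET MobileNumber='$mobile' WHERE ID='$uid'";
 *
 * Hardened form: the statement text is fixed and the value travels as a bound
 * parameter, so its contents can never alter the query structure.
 * Returns the number of rows affected.
 */
function updateMobileNumber(PDO $pdo, int $userId, string $mobile): int
{
    // Assumed schema (hypothetical): table tbluser, columns ID and MobileNumber.
    $stmt = $pdo->prepare('UPDATE tbluser SET MobileNumber = :mobile WHERE ID = :id');
    $stmt->bindValue(':mobile', $mobile, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Request handling: only for an authenticated session, only on POST.
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['mobilenumber'])) {
    $userId = (int) ($_SESSION['userid'] ?? 0);   // session key is an assumption
    if ($userId <= 0) {
        http_response_code(403);
        exit('Not logged in');
    }
    $mobile = validateMobileNumber((string) $_POST['mobilenumber']);
    if ($mobile === null) {
        http_response_code(400);
        exit('Invalid mobile number');            // rejected before any SQL runs
    }
    try {
        $updated = updateMobileNumber(connectDb(), $userId, $mobile);
        echo $updated === 1 ? 'Profile updated' : 'No change';
    } catch (PDOException $e) {
        error_log('profile.php update failed: ' . $e->getMessage()); // detail stays server-side
        http_response_code(500);
        exit('Update failed');                    // generic message to the client
    }
}
```

Even with the validation in place, keep the prepared statement: a later change that relaxes the format check (for example, to allow a leading "+") must not reopen the injection.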

WAF Rule Implementation

Deploy web application firewall rules to block SQL injection patterns

ModSecurity rule: SecRule ARGS:mobilenumber "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Isolate the system behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from application server only

🔍 How to Verify

Check if Vulnerable:

Test profile.php endpoint with SQL injection payloads in mobilenumber parameter: ' OR '1'='1

Check Version:

Check application version in admin panel or readme files

Verify Fix Applied:

Test with the same payloads after implementing the fixes; the application should return an error or a sanitized response.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in PHP logs
  • Multiple rapid requests to profile.php with special characters
  • Database connection errors

Network Indicators:

  • HTTP POST requests to /profile.php containing SQL keywords in parameters
  • Unusual database traffic patterns from web server

SIEM Query:

source="web_logs" AND uri="/profile.php" AND (param="mobilenumber" AND value MATCHES "(?i)(union|select|insert|delete|update|drop|--|#|;)")
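As an added example that is not part of the advisory, the script below applies the SIEM query's keyword pattern to request records in PHP and adds a second, allowlist-based check. The sample records are constructed. They assume a log source that records request parameters, such as a ModSecurity audit log or the application's own logging, because ordinary web server access logs do not contain POST bodies. The pattern is scoped to the mobilenumber parameter, as in the SIEM query above; a keyword rule over every parameter would also flag the harmless form button value "Update".

```php
<?php
// Added example, not part of the advisory: the SIEM keyword pattern from the
// advisory applied to request records in PHP, plus a digits-only allowlist check
// for mobilenumber. Sample records are constructed and assume a log source that
// captures request parameters (ordinary access logs do not contain POST bodies).
declare(strict_types=1);

// Keyword set from the advisory's SIEM query. Word boundaries keep "drop" from
// matching inside longer tokens; "--", "#" and ";" are matched literally.
const SQLI_KEYWORD_PATTERN = '/\b(?:union|select|insert|delete|update|drop)\b|--|#|;/i';

/**
 * Inspect one request record: ['uri' => string, 'params' => [name => url-encoded value]].
 * Returns a list of finding strings; an empty list means nothing suspicious.
 */
function inspectRequest(array $record): array
{
    $findings = [];
    if (parse_url($record['uri'], PHP_URL_PATH) !== '/profile.php') {
        return $findings;   // only the endpoint named in the advisory is in scope
    }
    if (!isset($record['params']['mobilenumber'])) {
        return $findings;
    }
    // Decode first: the server logs "%27", the client sent "'".
    $value = urldecode($record['params']['mobilenumber']);

    // Check 1: the advisory's keyword/metacharacter pattern (signature approach).
    if (preg_match(SQLI_KEYWORD_PATTERN, $value) === 1) {
        $findings[] = 'keyword-match in mobilenumber: ' . $value;
    }

    // Check 2: positive allowlist. A mobile number is digits only, so anything else
    // is an anomaly even when it contains none of the listed keywords.
    if (!ctype_digit($value)) {
        $findings[] = 'non-numeric mobilenumber: ' . $value;
    }
    return $findings;
}

/** Run inspectRequest() over a batch and keep only the records with findings. */
function scanRecords(array $records): array
{
    $alerts = [];
    foreach ($records as $i => $record) {
        $f = inspectRequest($record);
        if ($f !== []) {
            $alerts[$i] = $f;
        }
    }
    return $alerts;
}

// Constructed sample records.
$samples = [
    // 0: legitimate profile update
    ['uri' => '/profile.php', 'params' => ['mobilenumber' => '9876543210', 'submit' => 'Update']],
    // 1: the tautology payload quoted in the advisory's verification step, URL-encoded
    ['uri' => '/profile.php', 'params' => ['mobilenumber' => '%27%20OR%20%271%27%3D%271']],
    // 2: quote followed by a statement terminator and a comment marker
    ['uri' => '/profile.php', 'params' => ['mobilenumber' => '123%27%3B--']],
    // 3: SQL keyword on an unrelated endpoint; out of scope for this rule
    ['uri' => '/index.php', 'params' => ['q' => 'select']],
];

foreach (scanRecords($samples) as $i => $findings) {
    echo "record $i:\n";
    foreach ($findings as $f) {
        echo "  - $f\n";
    }
}
```

Running it shows why the second check matters: the payload in record 1, which the advisory itself uses for verification, contains none of the keywords or markers in the SIEM query, so the signature check alone does not fire on it; only the digits-only allowlist flags it. Record 2 is caught by both checks, and records 0 and 3 produce no findings.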
