CVE-2025-5612

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in PHPGurukul Online Fire Reporting System 1.2 allows attackers to manipulate database queries via the 'fullname' parameter in reporting.php. Remote attackers can potentially read, modify, or delete database contents. Organizations using this specific version of the fire reporting system are affected.

💻 Affected Systems

Products:
  • PHPGurukul Online Fire Reporting System
Versions: 1.2
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation. Other parameters beyond 'fullname' may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Unauthorized data access, extraction of sensitive information (user credentials, fire reports, personal data), and potential data manipulation.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available on GitHub. SQL injection is a well-understood attack vector with many automated tools available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://phpgurukul.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

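Add server-side validation to sanitize all user inputs, especially the 'fullname' parameter.

Edit reporting.php to add: $fullname = mysqli_real_escape_string($connection, $_POST['fullname']);

Escaping only protects a value that the query places inside a quoted string literal; a prepared statement with bound parameters is the more robust fix.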

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns

ModSecurity rule: SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict it to the internal network only
  • Implement strict network segmentation and monitor all database access attempts

🔍 How to Verify

Check if Vulnerable:

Test the reporting.php endpoint with SQL injection payloads in the 'fullname' parameter

Check Version:

Check system documentation or admin panel for version information

Verify Fix Applied:

Attempt SQL injection after implementing fixes and verify database queries are properly parameterized

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns
  • Multiple failed login attempts from a single IP
  • SQL syntax errors in application logs

Network Indicators:

  • Unusual outbound database connections
  • SQL keywords in HTTP POST parameters

SIEM Query:

source="web_logs" AND ("UNION SELECT" OR "' OR '1'='1" OR "sleep(" OR "benchmark(")
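
The query above matches literal strings, so it can miss the same patterns once they are URL-encoded or written in mixed case, and it only helps if POST bodies are logged at all. The following Python is an added example, not part of the advisory or the vendor's code: it decodes each form parameter before applying the four patterns and reports hits per source IP. The log layout and every parameter name other than 'fullname' are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs

# The four strings from the SIEM query, made tolerant of case and whitespace.
PATTERNS = {
    "union_select": re.compile(r"union\s+select", re.I),
    "tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "sleep": re.compile(r"sleep\s*\(", re.I),
    "benchmark": re.compile(r"benchmark\s*\(", re.I),
}

# Assumed (hypothetical) log layout: ip method path status body="<urlencoded form>"
LINE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) body="(?P<body>[^"]*)"$'
)

def scan_line(line, endpoint="/reporting.php"):
    """Return (ip, {param: [pattern names]}) for a POST to the endpoint, else None."""
    m = LINE.match(line.strip())
    if not m or m["method"] != "POST" or not m["path"].endswith(endpoint):
        return None
    hits = {}
    # parse_qs URL-decodes each value (%27 -> ', + -> space) before matching.
    for param, values in parse_qs(m["body"], keep_blank_values=True).items():
        found = sorted(n for n, rx in PATTERNS.items() if any(rx.search(v) for v in values))
        if found:
            hits[param] = found
    return m["ip"], hits

def scan(lines):
    """Aggregate hits per source IP: {ip: {(param, pattern), ...}}."""
    report = {}
    for line in lines:
        result = scan_line(line)
        if result and result[1]:
            ip, hits = result
            report.setdefault(ip, set()).update(
                (p, n) for p, names in hits.items() for n in names)
    return report

# Constructed sample lines; every parameter name except 'fullname' is made up.
SAMPLE_LOG = [
    '203.0.113.7 POST /reporting.php 200 body="fullname=Jane+Doe&location=Main+St"',
    '203.0.113.9 POST /reporting.php 200 body="fullname=x%27+oR+%271%27%3D%271&location=a"',
    '203.0.113.9 POST /reporting.php 500 body="fullname=x%27+UnIoN%0ASeLeCt+1&location=a"',
    '198.51.100.4 POST /reporting.php 200 body="fullname=a&location=SLEEP%285%29"',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, sorted(hits))
```

Because the advisory notes that parameters other than 'fullname' may also be vulnerable, the scan covers every form field rather than that one alone.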
