CVE-2025-7534
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-13

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified as critical. Affected is an unknown function of the file /notice-details.php of the component GET Parameter Handler. The manipulation of the argument nid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-13
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7534
EUVD
EUVD-2025-21261
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phpgurukul student_result_management_system to 2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7534 is a critical SQL Injection vulnerability in the PHPGurukul Student Result Management System version 2.0. It exists in the handling of the 'nid' GET parameter in the file /notice-details.php. The parameter is used directly in SQL queries without proper sanitization, allowing attackers to inject malicious SQL commands remotely without authentication. Techniques like time-based and UNION-based SQL Injection can be used to exploit this flaw, potentially leading to full database compromise including sensitive data such as administrator credentials. [1, 2]


How can this vulnerability impact me? :

This vulnerability can severely impact you by allowing attackers to remotely execute SQL Injection attacks without authentication. Successful exploitation can lead to full compromise of the database, including extraction of sensitive information like administrator credentials. It affects the confidentiality, integrity, and availability of the system, making it possible for attackers to manipulate or destroy data, disrupt services, or gain unauthorized access. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the `nid` GET parameter in the `/notice-details.php` file for SQL injection. You can use tools like sqlmap to automate detection, for example: `sqlmap -u "http://target/notice-details.php?nid=1" --batch`. Additionally, manual testing can be done by injecting SQL payloads such as `' OR '1'='1` into the `nid` parameter and observing the response. Attackers also use Google dorking with the query `inurl:notice-details.php` to find vulnerable targets. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

No known mitigations or countermeasures have been documented for this vulnerability. The suggested immediate step is to replace the affected PHPGurukul Student Result Management System version 2.0 with an alternative solution. Until a patch or fix is available, restricting access to the vulnerable endpoint and monitoring for suspicious activity is advisable. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart