Primary

Context

PHPGurukul Complaint Management System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in PHPGurukul Complaint Management System version 2.0. The issue arises in the reset-password.php file, where the email and mobileno parameters can be manipulated to inject malicious SQL queries.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a request to the reset-password.php file with injected SQL payloads in the email and mobileno parameters. Use a time-based payload, such as 'sleep(10)', to obfuscate the attack and avoid detection.

Added: Nov 17, 2025, 7:22 PM

Updated: Nov 17, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

9.1

remediation

0.0

relevance

1.1

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

9.1

remediation

0.0

relevance

1.1

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHPGurukul Complaint Management System SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

PHPGurukul Complaint Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating