PHPGurukul Billing System SQL Injection Vulnerability in Password Recovery Endpoint

Vulnerability

A SQL injection vulnerability has been identified in PHPGurukul Billing System version 1.0, specifically within the admin password recovery endpoint. The vulnerability arises because the username and mobileno parameters accept unvalidated user input, which is directly concatenated into a backend SQL query without proper sanitation or parameterization. This flaw allows attackers to manipulate the SQL query executed by the database, potentially leading to unauthorized data access, account takeover, or modification of the application's database.

Impact

Exploitation of this vulnerability could allow a remote attacker to bypass authentication, access unauthorized data from the database, or compromise the integrity of the entire application's database.

Added: Dec 2, 2025, 8:18 PM

Updated: Dec 2, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHPGurukul Billing System SQL Injection Vulnerability in Password Recovery Endpoint

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating