PHPGurukul Billing System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in PHPGurukul Billing System version 1.0, specifically within the admin/index.php endpoint. The username parameter is not validated, and its value is concatenated directly into a SQL query on the backend, which lets an attacker manipulate the executed SQL statement.

Impact

Exploitation of this vulnerability could lead to unauthorized retrieval of data from the database, authentication bypass, or compromise of the integrity of the application's database.
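
The concatenation pattern described above next to a parameterized version, as an added example that is not PHPGurukul's code. The table, column and function names are assumptions, and it uses PDO with an in-memory SQLite database (pdo_sqlite extension) so it runs stand-alone.

```php
<?php
// Added illustration: hypothetical schema and function names, not the application's source.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed sample account; the apostrophe is a legitimate character in a name.
$ins = $pdo->prepare('INSERT INTO admin_users (username, password_hash) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Pattern the advisory describes: the username becomes part of the statement text,
// so any quote character in it is parsed as SQL grammar rather than as data.
function lookupConcatenated(PDO $pdo, string $username): ?array
{
    $sql = "SELECT id, password_hash FROM admin_users WHERE username = '" . $username . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened form: the statement text is fixed, the username travels as a bound
// parameter, and the password is checked against a stored hash in PHP.
function loginPrepared(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || strlen($username) > 64) {
        return false; // length limit is an assumed policy value
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM admin_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// The same harmless input exercises both paths.
try {
    lookupConcatenated($pdo, "o'brien");
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    // A syntax error here shows the input reached the SQL parser.
    echo "concatenated: input altered the statement -> " . $e->getMessage() . "\n";
}

var_dump(loginPrepared($pdo, "o'brien", 'constructed-sample-password'));
var_dump(loginPrepared($pdo, "o'brien", 'wrong-password'));
```

A database syntax error triggered by an ordinary apostrophe in a login field is a useful signal in application logs that a query is being built by concatenation.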

Added: Dec 2, 2025, 9:18 PM
Updated: Dec 2, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.