CVE-2025-3972

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Published: Apr 27, 2025
Updated: May 8, 2025
CVE: CVE-2025-3972
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phpgurukul / covid19_testing_management_system	1.0	1.0.x

https://github.com/skyrainoh/CVE/issues/2
https://phpgurukul.com/
https://vuldb.com/?ctiid.306308
https://vuldb.com/?id.306308
https://vuldb.com/?submit.557392

Vulnerability Database

CVE-2025-3972

Deep Security Visibility Without the Complexity