CVE-2025-4028

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Published: Apr 28, 2025
Updated: May 11, 2025
CVE: CVE-2025-4028
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phpgurukul / covid19_testing_management_system	1.0	1.0.x

https://github.com/JunZ-Leo/CVE/issues/1
https://phpgurukul.com/
https://vuldb.com/?ctiid.306391
https://vuldb.com/?id.306391
https://vuldb.com/?submit.559193

Vulnerability Database

CVE-2025-4028

Deep Security Visibility Without the Complexity