2 matches found
CVE-2025-65380
The CVE-2025-65380 entry concerns PHPGurukul Billing System 1.0 with a SQL Injection in admin/index.php, where the username parameter is concatenated into a backend SQL query. Multiple connected sources describe the vulnerability and confirm that an attacker could exploit it to run arbitrary SQL ...
CVE-2025-65379
CVE-2025-65379 affects PHPGurukul Billing System 1.0. The /admin/password-recovery.php endpoint is vulnerable to SQL Injection caused by unvalidated input in the username and mobileno parameters, which are directly concatenated into a backend SQL query. This can allow an attacker to steal, tamper...