CVE-2025-2648 | Armis Vulnerability Intelligence Database

Description Preview

CVE-2025-2648 is a critical vulnerability found in the PHPGurukul Art Gallery Management System version 1.0. The vulnerability is located in the `/admin/view-enquiry-detail.php` file, where improper handling of the `viewid` parameter can lead to SQL injection attacks. This flaw allows attackers to execute arbitrary SQL queries against the database, potentially compromising sensitive data. The vulnerability can be exploited remotely, and the exploit has been publicly disclosed, making it imperative for users of the affected software to take immediate action.

Overview

CVE ID: CVE-2025-2648
Product: PHPGurukul Art Gallery Management System
Affected Version: 1.0
Vulnerability Type: SQL Injection (CWE-89)
Severity:
- CVSS v3.1: 7.3 (High)
- CVSS v4.0: 6.9 (Medium)
Attack Vector: Remote
Date Published: March 23, 2025
Advisory Disclosed: March 22, 2025

Remediation

Users of PHPGurukul Art Gallery Management System version 1.0 should immediately apply the following remediation steps:

Upgrade: Check for any available patches or updates from PHPGurukul that address this vulnerability.
Input Validation: Implement strict input validation for the viewid parameter to prevent SQL injection.
Database Permissions: Limit database permissions for the application to reduce the impact of potential SQL injection attacks.
Monitoring: Monitor application logs for any suspicious activity that may indicate exploitation attempts.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Accommodation & Food Services: Low
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation: Low
Arts, Entertainment & Recreation
Construction: Low
Construction
Educational Services: Low
Educational Services
Finance and Insurance: Low
Finance and Insurance
Health Care & Social Assistance: Low
Health Care & Social Assistance
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Manufacturing: Low
Manufacturing
Mining: Low
Mining
Other Services (except Public Administration): Low
Other Services (except Public Administration)
Professional, Scientific, & Technical Services: Low
Professional, Scientific, & Technical Services
Public Administration: Low
Public Administration
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Retail Trade: Low
Retail Trade
Transportation & Warehousing: Low
Transportation & Warehousing
Utilities: Low
Utilities
Wholesale Trade: Low
Wholesale Trade

^{CVE-2025-2648:}A critical SQL injection vulnerability exists in PHPGurukul Art Gallery Management System version 1.0, specifically in the `/admin/view-enquiry-detail.php` file, allowing remote attackers to manipulate the `viewid` parameter.

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!