Skip to main content

PHP CVE-2025-8157

LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2025-07-25 cna@vuldb.com
PHP SQLi User Registration Login And User Management System
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 01:48 vuln.today

DescriptionNVD

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

SQL injection in PHPGurukul User Registration & Login and User Management System 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/lastthirtyays-reg-users.php. Exploitation requires valid user credentials but no user interaction. Publicly available exploit code exists, though CVSS 2.1 and EPSS 0.06% suggest low real-world exploitation risk despite the critical classification.

Share

CVE-2025-8157 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy