How to fix EUVD-2025-16853?

Within 24 hours: Take the affected /add-company.php endpoint offline or restrict access to trusted IP ranges only; inventory all instances of this system across the organization. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in the companyname parameter; validate backups and test recovery procedures. Within 30 days: Migrate to an alternative, actively maintained farm management system or coordinate with the vendor for a patched release; conduct a forensic audit for signs of compromise.

Is PHP affected by EUVD-2025-16853?

A SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System 1.3 allows remote attackers to compromise database integrity and access sensitive business data without authentication.

EUVD-2025-16853

| CVE-2025-5574 HIGH

2025-06-04 [email protected]

PHP SQLi Dairy Farm Shop Management System

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16853

PoC Detected

Jun 10, 2025 - 15:10 vuln.today

Public exploit code

CVE Published

Jun 04, 2025 - 07:15 nvd

HIGH 7.3

DescriptionNVD

A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. The manipulation of the argument companyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /add-company.php file where the 'companyname' parameter is improperly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data theft, modification, or deletion. The exploit has been publicly disclosed and proof-of-concept code is available, significantly increasing real-world exploitation risk.

Technical ContextAI

This vulnerability exploits improper input validation in PHP web applications, classified under CWE-74 (Improper Neutralization of Special Elements in Output, 'Injection'). The /add-company.php endpoint accepts user-supplied input (companyname parameter) and passes it directly into SQL queries without parameterized queries or prepared statements. PHPGurukul Dairy Farm Shop Management System 1.3 is a PHP-based e-commerce management application (CPE: cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.3:*:*:*:*:*:*:*) that manages inventory and transactions. The root cause is the absence of input validation and the use of string concatenation for SQL query construction rather than parameterized queries or ORM frameworks that automatically escape user input.

EUVD-2025-16853 vulnerability details – vuln.today

Back

EUVD-2025-16853

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Share

External POC / Exploit Code