EUVD-2025-21217

CVE-2025-7474 | Severity: HIGH | CVSS 3.1 base score 7.3 | CVE published 2025-07-12

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline (4 events, most recent first)

Mar 16, 2026 08:56 - Analysis Generated (vuln.today)
Mar 16, 2026 08:56 - EUVD ID Assigned (euvd): EUVD-2025-21217
Jul 15, 2025 18:08 - PoC Detected (vuln.today): public exploit code
Jul 12, 2025 12:15 - CVE Published (nvd): HIGH 7.3

Description (NVD)

A vulnerability was found in code-projects Job Diary 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI)

CVE-2025-7474 is a SQL injection vulnerability in code-projects Job Diary 1.0, reachable through the Search parameter of /search.php. The NVD vector (AV:N/AC:L/PR:N/UI:N) means an unauthenticated remote attacker can trigger it with no user interaction; the impact metrics (C:L/I:L/A:L) reflect partial read, modification and disruption of the application's data rather than full compromise. The source advisory calls the issue "critical" on its own scale, but the CVSS 3.1 base score is 7.3 (High). Public proof-of-concept code was detected on Jul 15, 2025, three days after the CVE was published. Nothing on this page shows a CISA Known Exploited Vulnerabilities (KEV) listing or confirmed in-the-wild exploitation; KEV inclusion requires reliable evidence of active exploitation, and a public PoC alone does not meet that bar.

Technical Context (AI)

The weakness is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - 'Injection'), the general parent of which CWE-89 (SQL Injection) is the specific child. Consistent with that classification, the description indicates that the Search argument of /search.php reaches a SQL query without a prepared statement or other parameterization, so attacker-controlled text is parsed as part of the query rather than compared as data. Job Diary 1.0 is a PHP application (CPE: cpe:2.3:a:code-projects:job_diary:1.0:*:*:*:*:*:*:*), typically deployed on a LAMP-style stack with MySQL or MariaDB. The page does not state whether the parameter arrives via GET or POST; with PR:N and UI:N, any client that can reach /search.php can submit it. Because the sink is a search that returns rows to the client, UNION-based and error-based extraction are the natural techniques, and time-based blind injection remains available if output is not reflected. A quick check on a lab copy is to submit a search value containing a single quote and see whether the result set changes or a database error appears; the fix is to rewrite the query with bound parameters (PDO or mysqli prepared statements) rather than to escape the string.
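The contrast between concatenation and parameter binding described above, as an added illustration that is not code from Job Diary, code-projects or vuln.today. It is a Python stand-in for a /search.php-style handler over an in-memory SQLite table; the table layout, column names, sample rows and both queries are constructed and hypothetical, and the payload strings are the generic boolean-bypass and UNION shapes the analysis names, not the disclosed PoC.

```python
import sqlite3

# Constructed sample data. The table layout, column names and the queries
# below are hypothetical stand-ins; Job Diary's real schema and /search.php
# code are not on the page.
SAMPLE_JOBS = [
    (1, "Backend Engineer", "Acme", 1),
    (2, "Security Analyst", "Globex", 1),
    (3, "Unannounced Role", "Initech", 0),   # published = 0: must never be listed
]
SAMPLE_USERS = [
    (1, "admin", "$2y$10$constructed-fake-hash"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE jobs (id INTEGER, title TEXT, company TEXT, published INTEGER);"
        "CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);"
    )
    conn.executemany("INSERT INTO jobs VALUES (?, ?, ?, ?)", SAMPLE_JOBS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def search_vulnerable(conn, search):
    """The anti-pattern the analysis describes: the Search value is spliced
    into the SQL text, so a quote inside it changes the query structure."""
    sql = ("SELECT title, company FROM jobs "
           "WHERE published = 1 AND title LIKE '%" + search + "%'")
    return conn.execute(sql).fetchall()


def search_hardened(conn, search):
    """Parameterized form: the value is bound to a placeholder and is only
    ever compared as data, whatever characters it contains."""
    sql = "SELECT title, company FROM jobs WHERE published = 1 AND title LIKE ?"
    return conn.execute(sql, ("%" + search + "%",)).fetchall()


# Two classic payload shapes from the analysis, applied to the stand-in.
# The trailing "-- " comments out the rest of the original WHERE clause.
BYPASS_PAYLOAD = "' OR 1=1 -- "                                             # boolean
UNION_PAYLOAD = "' UNION SELECT username, password_hash FROM users -- "     # UNION-based


def demo():
    """Run the same inputs through both handlers and return every result set."""
    conn = make_db()
    return {
        "normal": search_vulnerable(conn, "Engineer"),
        "bypass_vulnerable": search_vulnerable(conn, BYPASS_PAYLOAD),
        "union_vulnerable": search_vulnerable(conn, UNION_PAYLOAD),
        "bypass_hardened": search_hardened(conn, BYPASS_PAYLOAD),
        "union_hardened": search_hardened(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable handler the boolean payload removes the published = 1 filter and returns the unpublished row, and the UNION payload appends the users table to the result set; the bound-parameter version returns nothing for either payload because the whole string is matched as a LIKE pattern. In PHP the equivalent fix is a PDO or mysqli prepared statement with the search term passed as a bound parameter; escaping the string with a quoting function is fragile by comparison and is not the recommended remediation.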


EUVD-2025-21217 vulnerability details – vuln.today
