CVE Alert: CVE-2025-10025 – PHPGurukul – Online Course Registration

CVE-2025-10025

Severity: HIGH | Exploitation: No exploitation known | PoC observed

A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1: 7.3
Vendor: PHPGurukul
Product: Online Course Registration
Versions: 3.1
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-09-05T19:32:08.273Z
Updated: 2025-09-05T19:42:09.164Z

AI Summary Analysis

Risk verdict

High risk: remote, unauthenticated SQL injection with a publicly disclosed PoC and exploit details; urgent patching required.

Why this matters

The flaw can compromise the integrity and confidentiality of course registration and user data, including potential data exfiltration. Because the injection point sits in the admin interface, an attacker could enumerate or modify records there, with reputational impact for affected educational organisations.

Most likely attack path

An attacker sends crafted input in the semester parameter of /admin/semester.php; no authentication or user interaction is required, so the SQL injection is reachable remotely. The vulnerability permits data leakage or modification with low preconditions, but the CVSS vector scores scope as unchanged (S:U), so any lateral movement would hinge on the database account's privileges and on what the injected queries can reach.

Who is most exposed

Institutions using PHPGurukul Online Course Registration 3.1 with publicly accessible admin interfaces (common on shared hosting or cloud deployments) are at highest risk, especially those exposing the admin panel to the internet.

Detection ideas

  • Unusual or error-laden SQL responses from /admin/semester.php.
  • Spikes in long-running queries or unusual SELECT/UNION patterns in the database logs.
  • Bursts of requests with anomalous tokens or payloads targeting the semester parameter.
  • IDS/WAF alerts for SQL injection signatures.
  • Unexpected data access from the registration DB (e.g., student records, credentials).
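The detection ideas above can be turned into a first-pass log check. The following PHP script is an added example, not code from the advisory or from the PHPGurukul project: it parses combined-format access-log lines, keeps only requests to /admin/semester.php, flags any whose semester parameter does not look like a semester label, and counts flagged hits per client IP so bursts stand out. The log lines, IP addresses, timestamps, the allowlist pattern and the burst threshold are all constructed assumptions and should be adjusted to the site's real naming and traffic.

```php
<?php
declare(strict_types=1);
// Added example, not code from the advisory or the PHPGurukul project. It
// scans web-server access-log lines (combined format) for requests to
// /admin/semester.php whose "semester" parameter does not look like a
// semester name, and groups the hits per client IP so bursts stand out.
// Every IP address, timestamp and request below is constructed.

const TARGET_PATH = '/admin/semester.php';
const BURST_THRESHOLD = 3;   // hits per IP that count as a burst (assumed value)

// Constructed sample lines; real logs will differ in format details.
const SAMPLE_LOG = <<<'LOG'
203.0.113.7 - - [05/Sep/2025:19:40:01 +0000] "GET /admin/semester.php?semester=Fall2025 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Sep/2025:19:40:02 +0000] "GET /admin/semester.php?semester=Fall2025%27%20OR%201%3D1-- HTTP/1.1" 200 9812 "-" "curl/8.0"
198.51.100.23 - - [05/Sep/2025:19:40:02 +0000] "GET /admin/semester.php?semester=Fall2025%27%20UNION%20SELECT%201%2C2-- HTTP/1.1" 500 221 "-" "curl/8.0"
198.51.100.23 - - [05/Sep/2025:19:40:03 +0000] "GET /admin/semester.php?semester=%27%20AND%20SLEEP%285%29-- HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [05/Sep/2025:19:41:10 +0000] "GET /admin/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
LOG;

/** Parse one combined-format line into the fields we need, or null if it does not match. */
function parseLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) HTTP\/[\d.]+" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $url = parse_url($m[4]);
    $query = [];
    if (isset($url['query'])) {
        parse_str($url['query'], $query);   // also percent-decodes the values
    }
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $url['path'] ?? '',
        'query'  => $query,
        'status' => (int) $m[5],
    ];
}

/** A genuine semester label is short and alphanumeric; anything else is suspect (allowlist assumed). */
function isSuspiciousSemester(string $value): bool
{
    return preg_match('/^[A-Za-z0-9 _-]{1,40}$/', $value) !== 1;
}

/** Return the suspicious hits, the per-IP counts, and the IPs at or above the burst threshold. */
function scanLog(string $log): array
{
    $hits = [];
    $perIp = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseLine($line);
        if ($req === null || $req['path'] !== TARGET_PATH) {
            continue;
        }
        $semester = $req['query']['semester'] ?? null;
        if ($semester === null) {
            continue;                        // parameter absent
        }
        // An array value (semester[]=...) is also not a label, so render it as text and let the allowlist reject it.
        $asText = is_string($semester) ? $semester : json_encode($semester);
        if (!isSuspiciousSemester($asText)) {
            continue;
        }
        $hits[] = $req + ['semester' => $asText];
        $perIp[$req['ip']] = ($perIp[$req['ip']] ?? 0) + 1;
    }
    $bursts = array_keys(array_filter($perIp, fn(int $n) => $n >= BURST_THRESHOLD));
    return ['hits' => $hits, 'per_ip' => $perIp, 'bursts' => $bursts];
}

$result = scanLog(SAMPLE_LOG);
foreach ($result['hits'] as $h) {
    printf("%s %s status=%d semester=%s\n", $h['time'], $h['ip'], $h['status'], $h['semester']);
}
foreach ($result['bursts'] as $ip) {
    printf("burst: %s (%d suspicious requests)\n", $ip, $result['per_ip'][$ip]);
}
```

Run it with `php scan.php` (PHP 7.4 or later for the arrow function). On the constructed sample it reports the three requests from 198.51.100.23 and marks that address as a burst; the 500 status on one of them is the "error-laden response" signal from the first bullet. Two caveats: an access log only shows GET query strings, so POST bodies need application or WAF logging, and an allowlist that is stricter than the site's real semester names will produce false positives, so check it against legitimate traffic first.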

Mitigation and prioritisation

  • Apply vendor patch or upgrade to a non-affected version as a priority.
  • Implement parameterised queries/prepared statements in admin/semester.php; review code for injection flaws.
  • Restrict admin access by IP allowlists; enable MFA and require authentication for admin paths.
  • Deploy WAF/IDS rules targeting SQL injection; implement input validation and rate limiting.
  • Schedule an emergency patch window with testing in staging; document change control and a rollback plan. Treat as high priority pending KEV/EPSS confirmation; if KEV or EPSS indicates higher urgency, escalate to priority 1.
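The second and third mitigation items (prepared statements and authentication on admin paths) are shown together below. This is an added example written for this page, not the PHPGurukul project's own semester.php: the commented "vulnerable pattern" is the generic string-concatenation shape that CWE-89 describes, not the project's actual code, and the table and column names (semesters, id, name), the session key admin_id and the connection parameters are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the PHPGurukul project's own code. It contrasts the
// injectable pattern a "semester" lookup typically has with a hardened
// handler: session-based admin check, allowlist validation, and a mysqli
// prepared statement. Table/column names (semesters, id, name), the session
// key and the connection parameters are assumptions, not the real schema.

session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // throw on DB errors instead of failing silently

// --- Vulnerable pattern (illustrative only, kept as a comment for contrast) --
// $semester = $_GET['semester'];
// $rs = mysqli_query($con, "SELECT id, name FROM semesters WHERE name='$semester'");
// The raw parameter becomes part of the SQL text, so a quote in the input
// changes the structure of the query: that is CWE-89.

// --- Hardened handler -------------------------------------------------------

/** Refuse the request unless an admin session exists (session key assumed). */
function requireAdmin(): void
{
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('forbidden');
    }
}

/** Accept only values that look like a semester label; return null for anything else. */
function validateSemester(?string $raw): ?string
{
    if ($raw === null || preg_match('/^[A-Za-z0-9 _-]{1,40}$/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Look up a semester by name with a prepared statement: the value is bound, never concatenated. */
function findSemester(mysqli $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM semesters WHERE name = ?');
    $stmt->bind_param('s', $name);       // 's' = string parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

requireAdmin();
$name = validateSemester(is_string($_GET['semester'] ?? null) ? $_GET['semester'] : null);
if ($name === null) {
    http_response_code(400);
    exit('invalid semester');
}
// Connection parameters are placeholders; use a least-privilege DB account.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$db->set_charset('utf8mb4');
$row = findSemester($db, $name);
header('Content-Type: application/json');
echo json_encode($row ?? ['error' => 'not found']);
```

The prepared statement is the fix for CWE-89 on its own; the allowlist in validateSemester is defence in depth that also keeps odd input out of logs and error messages, and requireAdmin addresses the PR:N part of the vector. get_result() needs the mysqlnd driver, which is the default in current PHP builds; on older builds, bind_result() and fetch() give the same protection.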
