CVE Alert: CVE-2025-10664 – PHPGurukul – Small CRM
CVE-2025-10664
A vulnerability has been identified in PHPGurukul Small CRM 4.0. It affects an unknown function in the file /create-ticket.php. Manipulation of the argument subject leads to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
AI Summary Analysis
**Risk verdict**: Urgent – a remote SQL injection in a ticket-creation endpoint with a public PoC. Internet-facing Small CRM 4.0 deployments should be treated as at immediate risk. The alert states that no prior access is needed; confirm whether your deployment's ticket form sits behind a login, since that changes who can reach the endpoint but not the urgency of the fix.
**Why this matters**: A published PoC means an attacker needs no discovery work of their own: any reachable instance can be abused to read or alter customer and ticket data, with the regulatory and reputational consequences that follow a CRM breach.
**Most likely attack path**: The attacker sends a crafted request to /create-ticket.php over the network with SQL syntax embedded in the subject parameter; no user interaction is required. Because the value is concatenated into a query rather than bound as a parameter, quotes and operators in it become part of the SQL grammar. The outcome ranges from data disclosure (for example, pulling rows from other tables through a subquery) to data modification; how far it goes depends on the privileges of the database account the application connects with.
**Who is most exposed**: Public-facing PHP/MySQL CRM deployments on shared hosting or other internet-connected web servers, especially where the ticket-creation endpoint is reachable by unauthenticated users.
**Detection ideas**:
- Web server access logs showing SQL-like patterns (quotes followed by OR/AND, UNION SELECT, nested SELECT, comment sequences, SLEEP/BENCHMARK) in the subject parameter. Note that standard access logs record only the query string; if the form submits subject in a POST body, you need WAF, mod_security or application-level request logging to see it.
- Unusual or frequent SQL errors (HTTP 500s or MySQL error text in responses) originating from create-ticket.php, which typically accompany an attacker probing the injection point.
- WAF/IDS alerts for SQL injection signatures targeting the endpoint, and tool user agents such as sqlmap hitting it repeatedly.
- Database logs showing unexpected queries from the web application's account: reads of tables the ticket form never touches, multi-row inserts from a single request, or time-delayed queries.
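The first detection idea above, turned into something runnable: an added example (not part of the original alert and not PHPGurukul's code) that parses combined-format access-log lines, pulls the URL-decoded subject parameter from requests to /create-ticket.php and scores it against a handful of SQL-injection heuristics. The log lines, IP addresses, user agents and payloads are constructed for the demo; the rule list is a starting point for a WAF or SIEM search, not a complete signature set, and it sees only GET query strings for the reason given above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache/nginx combined format).
# Two benign requests (one with a legitimate apostrophe), three probes, one unrelated hit.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Sep/2025:10:01:02 +0000] "GET /create-ticket.php?subject=Printer+jammed HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Sep/2025:10:01:09 +0000] "GET /create-ticket.php?subject=O%27Brien+login+issue HTTP/1.1" 200 511 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Sep/2025:10:02:15 +0000] "GET /create-ticket.php?subject=x%27+OR+1%3D1--+ HTTP/1.1" 500 0 "-" "sqlmap/1.8"
198.51.100.7 - - [11/Sep/2025:10:02:16 +0000] "GET /create-ticket.php?subject=x%27%29%2C%28%28SELECT+password+FROM+users%29%29%2C%28%27y HTTP/1.1" 200 512 "-" "sqlmap/1.8"
198.51.100.7 - - [11/Sep/2025:10:02:17 +0000] "GET /create-ticket.php?subject=x%27+AND+SLEEP%285%29--+ HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.5 - - [11/Sep/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

TARGET_PATH = "/create-ticket.php"
TARGET_PARAM = "subject"

# Heuristics applied to the *decoded* parameter value. A lone apostrophe
# (O'Brien) is deliberately not enough to fire; it needs SQL grammar around it.
SQLI_RULES = [
    ("boolean_tautology", re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I)),  # ' OR 1=1
    ("union_select",      re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("subquery",          re.compile(r"\(\s*select\b", re.I)),                        # (SELECT ...
    ("time_based",        re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.I)),
    ("tuple_break",       re.compile(r"'\s*\)\s*,\s*\(")),                            # '),( in an INSERT
    ("trailing_comment",  re.compile(r"(--|/\*)\s*$")),                              # comments out the tail
]


def extract_subject(target):
    """Return the decoded `subject` value if the request targets the ticket endpoint, else None."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM)
    return values[0] if values else None  # parse_qs already undoes %XX and '+'


def scan(log_text):
    """Return one dict per suspicious request: who sent it, what was in `subject`, which rules fired."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        subject = extract_subject(m["target"])
        if subject is None:
            continue
        fired = [name for name, rx in SQLI_RULES if rx.search(subject)]
        if fired:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                         "ua": m["ua"], "subject": subject, "rules": fired})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} ua="{h["ua"]}" rules={h["rules"]} subject={h["subject"]!r}')
```

Three of the six lines are flagged, all from the same source, and the 500 on the first probe is the kind of error-rate signal the second detection idea describes. Pivoting on the source IP (or on the user agent) then surfaces the rest of the session even where individual payloads evade the regexes.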
**Mitigation and prioritisation**:
- Apply the vendor patch or upgrade to a fixed release if the vendor has published one; the alert does not name a fixed version, so verify against the vendor's site. If no fix is available, take the ticket endpoint offline or restrict it to trusted networks until one is.
- Fix the code in create-ticket.php: pass subject (and every other user-supplied value) to the database through a prepared statement with bound parameters rather than string concatenation, and validate length and character set as a secondary control. Validation alone is not a substitute for parameterisation.
- Run the web application under a least-privilege database account: SELECT/INSERT/UPDATE only on the tables it needs, no DDL, no FILE or SUPER privileges. Bind the database to localhost or restrict it to the application host so the account cannot be used from elsewhere if its credentials leak.
- Enable WAF/IDS rules for SQL injection on the endpoint as a compensating control while the patch is rolled out; they reduce exposure but do not remove the root cause.
- Change-management: test the patch in staging before production and monitor post-deployment for anomalous database activity. If the CVE appears in CISA's KEV catalogue or its EPSS score reaches 0.5 or above, elevate to priority 1.
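The second mitigation above, shown side by side with the bug it fixes. This is an added example, not PHPGurukul's code and not from the alert; it uses Python's sqlite3 as a self-contained stand-in for the application's PHP/MySQL stack, and the `users` and `tickets` tables, column names, admin secret and payload are all constructed for the demo, not Small CRM's real schema. The same two shapes exist in PHP: string-building the INSERT is the vulnerable form, and `PDO::prepare()` with `execute([...])` (or mysqli prepared statements with bound parameters) is the fixed form.

```python
import sqlite3

# Constructed stand-in schema (NOT Small CRM's real tables): a users table
# holding something sensitive, and the tickets table the endpoint writes to.
SCHEMA = """
CREATE TABLE users   (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
CREATE TABLE tickets (id INTEGER PRIMARY KEY, subject TEXT, description TEXT);
INSERT INTO users (username, password) VALUES ('admin', 'secret-hash-123');
"""


def fresh_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def list_tickets(con):
    return con.execute("SELECT subject, description FROM tickets ORDER BY id").fetchall()


def create_ticket_vulnerable(con, subject, description):
    """The bug class: user text is spliced into the SQL, so quotes in `subject`
    change the statement's structure instead of being stored as data."""
    sql = (f"INSERT INTO tickets (subject, description) "
           f"VALUES ('{subject}', '{description}')")
    con.execute(sql)
    con.commit()
    return list_tickets(con)


def create_ticket_safe(con, subject, description):
    """The fix: a prepared statement with bound parameters. The driver sends
    the values separately from the SQL text, so the payload is stored verbatim."""
    con.execute("INSERT INTO tickets (subject, description) VALUES (?, ?)",
                (subject, description))
    con.commit()
    return list_tickets(con)


# Constructed payload for the `subject` field. It closes the first VALUES row,
# adds a second row whose description is a scalar subquery reading the admin
# password, then re-opens a string so the original trailing  ', '<description>')
# still parses. The attacker later reads the leaked value back from the ticket list.
PAYLOAD = "Printer broken', (SELECT password FROM users WHERE username='admin')), ('x"


def demo(description="Please help"):
    """Run the same request against both implementations and return what each stored."""
    leaked = create_ticket_vulnerable(fresh_db(), PAYLOAD, description)
    stored = create_ticket_safe(fresh_db(), PAYLOAD, description)
    return leaked, stored


if __name__ == "__main__":
    leaked, stored = demo()
    print("vulnerable stored:", leaked)   # two rows, one carrying the admin secret
    print("parameterised stored:", stored)  # one row, payload kept as literal text
```

Note what the vulnerable path does not need: no second statement, no comment sequence, no error message. A single well-formed INSERT is enough to copy data from an unrelated table into a row the attacker can read back, which is why a least-privilege database account (the next mitigation) matters even after the query is fixed.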