CVE Alert: CVE-2025-10604 – PHPGurukul – Online Discussion Forum

CVE-2025-10604

Severity: HIGH
Exploitation status: No exploitation known

A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. It affects an unknown part of the file /admin/edit_member.php: manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. An exploit is publicly available and might be used.

CVSS v3.1: 7.3
Vendor: PHPGurukul
Product: Online Discussion Forum
Versions: 1.0
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-09-17T17:32:07.195Z
Updated: 2025-09-17T17:32:07.195Z

AI Summary Analysis

Risk verdict

High risk: remote, unauthenticated SQL injection against the admin interface with a publicly available exploit; patch urgently.

Why this matters

An injection in the admin/edit_member.php workflow can reveal, modify or delete member data and potentially exfiltrate credentials. The lack of user interaction and network-based access raises the chances of automated exploitation, with business impact including data leakage, integrity compromise and reputational damage.

Most likely attack path

Attacker targets the publicly exposed /admin/edit_member.php endpoint, supplying a crafted id parameter to trigger SQL injection. With network access, no privileges required and no UI interaction, the attacker can enumerate data or manipulate records; if the underlying DB is misconfigured, further lateral movement or credential exposure is possible.

Who is most exposed

Any deployment running PHPGurukul Online Discussion Forum 1.0 with internet-facing admin pages is at risk; such deployments are common in educational or community-hosted forums on LAMP stacks. Organisations with shared hosting or weak admin access controls are particularly exposed.

Detection ideas

  • Spike in requests to edit_member.php with suspicious id values or SQL fragments
  • Database error messages or unusual query errors appearing in app logs
  • Anomalous data reads/writes from member tables after auth attempts
  • Signatures or WAF events indicating SQL injection patterns
  • Unusual traffic to admin endpoints from new or unknown IPs
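The first two detection ideas above, worked through as an added example (this code is not part of the alert or of the PHPGurukul project). It parses constructed Apache-style access-log lines, flags requests to /admin/edit_member.php whose id value is not a plain positive integer, and counts per client IP how many of those requests ended in a 5xx response (the "database error" signal). The log lines, IPs and timestamps are constructed; the log format and the rule "a valid id is a positive integer" are assumptions about the deployment.

```php
<?php
// Added detection example, not part of the advisory. Log lines below are constructed.
declare(strict_types=1);

// Constructed access-log sample in common log format (request line is logged as received,
// i.e. still percent-encoded). 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
const SAMPLE_LOG = <<<'LOG'
203.0.113.10 - - [17/Sep/2025:18:01:02 +0000] "GET /admin/edit_member.php?id=7 HTTP/1.1" 200 2311
203.0.113.10 - - [17/Sep/2025:18:01:05 +0000] "GET /admin/edit_member.php?id=7%27%20OR%201%3D1-- HTTP/1.1" 200 5120
203.0.113.10 - - [17/Sep/2025:18:01:07 +0000] "GET /admin/edit_member.php?id=7%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 418
198.51.100.5 - - [17/Sep/2025:18:02:40 +0000] "GET /admin/edit_member.php?id=12 HTTP/1.1" 200 2305
198.51.100.5 - - [17/Sep/2025:18:02:41 +0000] "GET /index.php HTTP/1.1" 200 8801
LOG;

// Parse one common-log-format line into its fields; returns null if the line does not match.
function parseLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4], 'status' => (int) $m[5]];
}

// Return the (URL-decoded) id parameter when the request targets the vulnerable endpoint, else null.
function editMemberId(array $req): ?string
{
    $parts = parse_url($req['target']);
    if (!is_array($parts) || ($parts['path'] ?? '') !== '/admin/edit_member.php') {
        return null;
    }
    parse_str($parts['query'] ?? '', $q); // parse_str percent-decodes the values
    return isset($q['id']) && is_string($q['id']) ? $q['id'] : null;
}

// Assumed validity rule: a legitimate member id is a positive integer and nothing else.
function isSuspiciousId(string $id): bool
{
    return !preg_match('/^[1-9][0-9]*$/', $id);
}

// Summarise suspicious hits per client IP, noting how many produced server errors.
function summariseLog(string $log): array
{
    $summary = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseLogLine($line);
        if ($req === null) {
            continue;
        }
        $id = editMemberId($req);
        if ($id === null || !isSuspiciousId($id)) {
            continue;
        }
        $summary[$req['ip']] ??= ['hits' => 0, 'errors' => 0, 'ids' => []];
        $summary[$req['ip']]['hits']++;
        if ($req['status'] >= 500) {
            $summary[$req['ip']]['errors']++; // a 5xx on a tampered id often means a raw DB error
        }
        $summary[$req['ip']]['ids'][] = $id;
    }
    return $summary;
}

foreach (summariseLog(SAMPLE_LOG) as $ip => $s) {
    printf("%s: %d suspicious edit_member.php request(s), %d server error(s)\n", $ip, $s['hits'], $s['errors']);
    foreach ($s['ids'] as $id) {
        printf("    id=%s\n", $id);
    }
}
```

Run against a real access log the script reports only clients that sent a non-integer id to the endpoint, so a single hit with a server error is already worth a look, while the request with id=12 from the second client is not flagged at all. Thresholding on hits per IP per minute turns the same summary into the "spike" signal.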

Mitigation and prioritisation

  • Apply vendor patch or upgrade to fixed version immediately
  • Implement input parameterisation and prepared statements; validate/escape id values
  • Restrict admin URL access to trusted networks; enforce MFA for admin accounts
  • Deploy WAF/IPS rules to block typical SQLi payloads; monitor for repeated attempts
  • Ensure backups and change-control logging; rotate credentials if compromise suspected
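How the second mitigation looks in code, as an added example that is not PHPGurukul's source (the alert does not publish the vulnerable file). The commented-out block shows the string-concatenation pattern CWE-89 describes; the handler that follows validates id as an integer, binds it in a prepared statement, refuses to serve the admin page without an admin session, and keeps driver error messages in the server log rather than the response. The table name `members`, its columns, the session key `admin_id` and the DSN/credentials are assumed placeholders.

```php
<?php
// Added example, not PHPGurukul's code. Schema, session key and DSN are assumed placeholders.
declare(strict_types=1);

// --- Vulnerable pattern (illustrative only): the request value becomes part of the SQL text ---
// $id  = $_GET['id'];
// $sql = "SELECT * FROM members WHERE id='" . $id . "'";
// $res = mysqli_query($con, $sql);

// --- Hardened handler ---
session_start();

// Defence in depth: an admin page must not be reachable without an admin session.
// 'admin_id' is an assumed session key.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Accept only a positive integer; anything else (SQL fragments included) is rejected before the DB is touched.
function validateMemberId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Prepared statement: the id is bound as an integer parameter, never interpolated into the query.
function loadMember(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$id = validateMemberId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid member id');
}

try {
    // DSN and credentials are placeholders; EMULATE_PREPARES=false asks MySQL for real server-side prepares.
    $pdo = new PDO('mysql:host=localhost;dbname=forum;charset=utf8mb4', 'forum_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $member = loadMember($pdo, $id);
} catch (PDOException $e) {
    error_log('edit_member: ' . $e->getMessage()); // detail stays in the server log
    http_response_code(500);
    exit('Internal error');                          // never echo the driver message to the client
}

if ($member === null) {
    http_response_code(404);
    exit('No such member');
}

echo htmlspecialchars($member['username'], ENT_QUOTES, 'UTF-8');
```

The integer validation alone would already stop this particular injection, but the prepared statement is what protects the query once the same page starts accepting free-text fields; both belong in the fix.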

Note: If evidence of active exploitation (KEV/EPSS ≥ threshold) emerges, treat as priority 1.

