Description
phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter.
Published: 2025-09-03
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection in the complaint-details.php endpoint of PHPgurukul’s Complaint Management System 2.0. By manipulating the cid query parameter, an attacker can inject arbitrary SQL commands, allowing the reading, modification, or deletion of database data and compromising data confidentiality, integrity, and potentially availability. The weakness is classified as CWE‑89.

Affected Systems

This issue affects the PHPgurukul Complaint Management System 2.0. No other versions or vendors are known to be affected at the time of this advisory.

Risk and Exploitability

The CVSS score of 6.5 falls in the medium range, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not included in the CISA Known Exploited Vulnerabilities catalog. Attackers can reach the flaw by sending crafted HTTP requests to complaint-details.php; authentication is not mentioned, so the exposure may be unauthenticated or require user‑level access. Because the flaw is in a publicly reachable web parameter, the risk surface is significant enough to warrant priority remediation.

Generated by OpenCVE AI on April 28, 2026 at 00:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the patched version of PHPgurukul Complaint Management System that resolves the SQL injection.
  • Refactor the database interaction in complaint-details.php to use parameterized prepared statements instead of string concatenation.
  • Validate the cid query parameter so that only numeric values are accepted, and reject any other input.



Advisories
Source: EUVD
ID: EUVD-2025-26517
Title: phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter.
History

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 04 Sep 2025 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpgurukul:complaint_management_system:2.0:*:*:*:-:*:*:*

Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared: Phpgurukul, Phpgurukul complaint Management System
Vendors & Products: Phpgurukul, Phpgurukul complaint Management System

Wed, 03 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics
cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 14:45:00 +0000

Type Values Removed Values Added
Description phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T14:19:08.917Z

Reserved: 2025-08-17T00:00:00.000Z

Link: CVE-2025-57149

Vulnrichment

Updated: 2025-09-03T14:59:48.903Z

NVD

Status: Modified

Published: 2025-09-03T15:15:38.857

Modified: 2026-04-06T15:17:06.280

Link: CVE-2025-57149

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T00:30:15Z

Weaknesses