CVE-2025-4908 | PHPGurukul Daily Expense Tracker System 1.1 expense-datewise-reports-detailed.php fromdate/todate sql injection

Inserito da Angelo Barbosa | Mag 17, 2025 | CVE

A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection.

This vulnerability is uniquely identified as CVE-2025-4908. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-4908 | PHPGurukul Daily Expense Tracker System 1.1 expense-datewise-reports-detailed.php fromdate/todate sql injection

Post correlati

CVE-2024-5515 | SourceCodester Stock Management System 1.0 createBrand.php brandName sql injection

CVE-2024-42512 | OPC UA .NET Standard Stack prior 1.5.374.158 Basic128Rsa15 Security Policy improper authentication

CVE-2024-52469 | Dhrubok Infotech WooCommerce Price Alert Plugin up to 1.0.4 on WordPress cross site scripting

CVE-2024-32568 | Melapress WP 2FA Plugin up to 2.6.2 on WordPress cross site scripting