CVE-2025-4358 – PHPGurukul Company Visitor Management System SQL Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-4358

Published : May 6, 2025, 2:15 p.m. | 1 hour, 19 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4359 – iSourcecode Gym Management System SQL Injection Vulnerability

Next Article CVE-2025-4357 – Tenda RX3 Command Injection Vulnerability

Highlights

CVE-2025-30220 – GeoServer XML External Entity (XXE) Injection

June 10, 2025

CVE ID : CVE-2025-30220

Published : June 10, 2025, 4:15 p.m. | 1 hour, 25 minutes ago

Description : GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

7 features in Windows 11 I wish were enabled by default

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

Here’s how I fixed a dead Steam Deck screen — with Valve proving they still have the best customer service in gaming

Borderlands 4 drops stunning new story trailer

DistroWatch Weekly, Issue 1127

Exploring Lakebase: Databricks’ Next-Gen AI-Native OLTP Database

Exploring Lakebase: Databricks’ Next-Gen AI-Native OLTP Database

Understanding JavaScript Promise

Lakeflow: Revolutionizing SCD2 Pipelines with Change Data Capture (CDC)

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

Here’s how I fixed a dead Steam Deck screen — with Valve proving they still have the best customer service in gaming

Borderlands 4 drops stunning new story trailer

CVE-2025-4358 – PHPGurukul Company Visitor Management System SQL Injection Vulnerability

WordPress Motors theme flaw mass-exploited to hijack admin accounts

Weekly Cybersecurity News Recap – Top Vulnerabilities, Threat and Data Breaches

Your Galaxy Watch could get a major sleep apnea upgrade, thanks to AI and Stanford

SBOMs Without the F-Bombs

CVE-2025-3462 – ASUS DriverHub HTTP Request Validation Bypass

Stored XSS Flaw in TP-Link WR841N Routers Could Expose Admin Credentials (CVE-2025-25427)

CVE-2025-30220 – GeoServer XML External Entity (XXE) Injection

7 features in Windows 11 I wish were enabled by default

Ron Cena The Last Time Is Now Shirt

These $130 Anker earbuds have no business sounding this good for the price

CVE-2025-4358 – PHPGurukul Company Visitor Management System SQL Injection Vulnerability

Related Posts