CVE-2025-5576 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

June 4, 2025

CVE ID : CVE-2025-5576

Published : June 4, 2025, 8:15 a.m. | 3 hours, 19 minutes ago

Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5577 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

Next Article CVE-2025-47727 – Delta Electronics CNCSoft File Path Traversal Remote Code Execution Vulnerability

Highlights

CVE-2025-4517 – Tarfile Filter Arbitrary File Write

June 3, 2025

CVE ID : CVE-2025-4517

Published : June 3, 2025, 1:15 p.m. | 44 minutes ago

Description : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=”data”.

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don’t include the extraction filter feature.

Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to `”data”, so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-5576 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

I’ve seen enough premium gaming handhelds — ASUS, Lenovo, and more could learn from AYANEO’s new budget-friendly line

CVE-2025-53731 – Microsoft Office Use-After-Free Code Execution Vulnerability

I’m quitting Blue Prince before I go insane

CVE-2025-27453 – Apache PHP HttpOnly Cookie Access Vulnerability

CVE-2025-4517 – Tarfile Filter Arbitrary File Write

Is your Microsoft account passwordless yet? Why it (probably) should be and how to do it right

CVE-2025-41683 – Apache Device Command Injection Vulnerability

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

CVE-2025-5576 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

Related Posts