CVE-2025-5657 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5657

Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago

Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2024-58098 – Linux Kernel BPF Packet Pointer Invalidation Vulnerability

May 5, 2025

CVE ID : CVE-2024-58098

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: track changes_pkt_data property for global functions

When processing calls to certain helpers, verifier invalidates all
packet pointers in a current state. For example, consider the
following program:

__attribute__((__noinline__))
long skb_pull_data(struct __sk_buff *sk, __u32 len)
{
return bpf_skb_pull_data(sk, len);
}

SEC(“tc”)
int test_invalidate_checks(struct __sk_buff *sk)
{
int *p = (void *)(long)sk->data;
if ((void *)(p + 1) > (void *)(long)sk->data_end) return TCX_DROP;
skb_pull_data(sk, 0);
*p = 42;
return TCX_PASS;
}

After a call to bpf_skb_pull_data() the pointer ‘p’ can’t be used
safely. See function filter.c:bpf_helper_changes_pkt_data() for a list
of such helpers.

At the moment verifier invalidates packet pointers when processing
helper function calls, and does not traverse global sub-programs when
processing calls to global sub-programs. This means that calls to
helpers done from global sub-programs do not invalidate pointers in
the caller state. E.g. the program above is unsafe, but is not
rejected by verifier.

This commit fixes the omission by computing field
bpf_subprog_info->changes_pkt_data for each sub-program before main
verification pass.
changes_pkt_data should be set if:
– subprogram calls helper for which bpf_helper_changes_pkt_data
returns true;
– subprogram calls a global function,
for which bpf_subprog_info->changes_pkt_data should be set.

The verifier.c:check_cfg() pass is modified to compute this
information. The commit relies on depth first instruction traversal
done by check_cfg() and absence of recursive function calls:
– check_cfg() would eventually visit every call to subprogram S in a
state when S is fully explored;
– when S is fully explored:
– every direct helper call within S is explored
(and thus changes_pkt_data is set if needed);
– every call to subprogram S1 called by S was visited with S1 fully
explored (and thus S inherits changes_pkt_data from S1).

The downside of such approach is that dead code elimination is not
taken into account: if a helper call inside global function is dead
because of current configuration, verifier would conservatively assume
that the call occurs for the purpose of the changes_pkt_data
computation.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5657 – PHPGurukul Complaint Management System SQL Injection Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

CVE-2025-46392 – Apache Commons Configuration Uncontrolled Resource Consumption Vulnerability

Critical Vulnerability in Lovable’s Security Policies Let Attackers Inject Malicious Code

CVE-2024-56193 – “Bluetooth Adapter Permissions Bypass Vulnerability in [Vendor Name]”

CVE-2025-49785 – Apache HTTP Server SQL Injection

CVE-2024-58098 – Linux Kernel BPF Packet Pointer Invalidation Vulnerability

What I learned from Inspired

One of the best gaming chairs we’ve given a 5-star rating to is now available to purchase in the UK

CVE-2025-2605 – Honeywell MB-Secure OS Command Injection Vulnerability

CVE-2025-5657 – PHPGurukul Complaint Management System SQL Injection Vulnerability

Related Posts