CVE-2025-1583
Published: 23 February 2025
Summary
CVE-2025-1583 is a medium-severity Injection (CWE-74) vulnerability in Phpgurukul Online Nurse Hiring System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by requiring validation and sanitization of untrusted inputs like the searchinput parameter in /admin/search-report-details.php.
Mandates timely identification, reporting, and correction of flaws such as this critical SQL injection vulnerability in the PHPGurukul application.
Facilitates proactive detection of SQL injection vulnerabilities like CVE-2025-1583 through automated vulnerability scanning of the web application.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of a public-facing web application via SQL injection in an admin endpoint, enabling unauthorized database access/modification.
NVD Description
A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. It is possible to initiate the…
more
attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-1583 is a SQL injection vulnerability affecting PHPGurukul Online Nurse Hiring System 1.0. The issue resides in an unknown part of the file /admin/search-report-details.php, where manipulation of the searchinput argument enables the injection. Classified as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it maps to CWEs 74 and 89. The vulnerability was published on 2025-02-23.
An attacker with low privileges can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized data access, modification, or disruption within the affected application's database.
Advisories and details are available in referenced sources, including a GitHub issue at https://github.com/wqywfvc/CVE/issues/12, the vendor site at https://phpgurukul.com/, and VULDB entries at https://vuldb.com/?ctiid.296559, https://vuldb.com/?id.296559, and https://vuldb.com/?submit.504452.
The exploit has been publicly disclosed and may be used by attackers.
Details
- CWE(s)