Cyber Resilience

CVE-2025-1583

Medium

Published: 23 February 2025

Published
23 February 2025
Modified
28 February 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 6.2th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1583 is a medium-severity Injection (CWE-74) vulnerability in Phpgurukul Online Nurse Hiring System. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1583 is a SQL injection vulnerability affecting PHPGurukul Online Nurse Hiring System 1.0. The issue resides in an unknown part of the file /admin/search-report-details.php, where manipulation of the searchinput argument enables the injection. Classified as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it maps to CWEs 74 and 89. The vulnerability was published on 2025-02-23.

An attacker with low privileges can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized data access, modification, or disruption within the affected application's database.

Advisories and details are available in referenced sources, including a GitHub issue at https://github.com/wqywfvc/CVE/issues/12, the vendor site at https://phpgurukul.com/, and VULDB entries at https://vuldb.com/?ctiid.296559, https://vuldb.com/?id.296559, and https://vuldb.com/?submit.504452.

The exploit has been publicly disclosed and may be used by attackers.

EU & UK References

Vulnerability details

A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. It is possible to initiate the…

more

attack remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of a public-facing web application via SQL injection in an admin endpoint, enabling unauthorized database access/modification.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1581Same product: Phpgurukul Online Nurse Hiring System
CVE-2025-1582Same product: Phpgurukul Online Nurse Hiring System
CVE-2025-1588Same product: Phpgurukul Online Nurse Hiring System
CVE-2025-2683Same vendor: Phpgurukul
CVE-2025-7482Same vendor: Phpgurukul
CVE-2025-7164Same vendor: Phpgurukul
CVE-2026-0733Same vendor: Phpgurukul
CVE-2026-2088Same vendor: Phpgurukul
CVE-2025-1906Same vendor: Phpgurukul
CVE-2025-7521Same vendor: Phpgurukul

Affected Assets

phpgurukul
online nurse hiring system
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents SQL injection by requiring validation and sanitization of untrusted inputs like the searchinput parameter in /admin/search-report-details.php.

prevent

Mandates timely identification, reporting, and correction of flaws such as this critical SQL injection vulnerability in the PHPGurukul application.

detect

Facilitates proactive detection of SQL injection vulnerabilities like CVE-2025-1583 through automated vulnerability scanning of the web application.

References