CVE-2025-28011

MEDIUM Year: 2025
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.

Related Vulnerabilities

CVE-2021-1380

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1407

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1408

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1409

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2022-29652

MEDIUM
CVSS:6.1(Medium)

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.

CWE-892022

CVE-2023-29459

MEDIUM
CVSS:6.1(Medium)

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this ...

CWE-892023