CVE-2025-3238

CVE-2025-3238

Título es
Vulnerabilidad en PHPGurukul Online Fire Reporting System 1.2 (CVE-2025-3238)

Vie, 04/04/2025 – 10:15

Tipo
CWE-74

Gravedad v2.0
7.50

Gravedad 2.0 Txt
HIGH

Título en

CVE-2025-3238

Descripción es
Se ha detectado una vulnerabilidad crítica en PHPGurukul Online Fire Reporting System 1.2. Se ve afectada una función desconocida del archivo /search-request.php. La manipulación del argumento "searchdata" provoca una inyección SQL. Es posible ejecutar el ataque remotamente. Se ha hecho público el exploit y puede que sea utilizado.

Descripción en
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

04/04/2025
04/04/2025
04/04/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Gravedad 4.0
6.90

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
7.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://github.com/JunGu-W/cve/issues/3

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_303264=

  • https://vuldb.com/?id_303264=

  • https://vuldb.com/?submit_546415=

    • Enviar en el boletín
    Off

    CVE-2025-3237

    CVE-2025-3237

    Título es
    Vulnerabilidad en Tenda FH1202 1.2.0.14(408) (CVE-2025-3237)

    Vie, 04/04/2025 – 10:15

    Tipo
    CWE-266

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3237

    Descripción es
    Se encontró una vulnerabilidad en Tenda FH1202 1.2.0.14(408). Se ha clasificado como crítica. Este problema afecta a un procesamiento desconocido del archivo /goform/wrlwpsset. La manipulación genera controles de acceso inadecuados. El ataque podría iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.

    Descripción en
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:N/I:P/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-wrlwpsset-1bc53a41781f80aeb9a6de676fe25e6d?pvs=4

  • https://vuldb.com/?ctiid_303263=

  • https://vuldb.com/?id_303263=

  • https://vuldb.com/?submit_546368=

  • https://www.tenda.com.cn/

    • Enviar en el boletín
    Off

    CVE-2025-3236

    CVE-2025-3236

    Título es
    Vulnerabilidad en Tenda FH1202 1.2.0.14(408) (CVE-2025-3236)

    Vie, 04/04/2025 – 10:15

    Tipo
    CWE-266

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3236

    Descripción es
    Se encontró una vulnerabilidad en Tenda FH1202 1.2.0.14(408). Se ha declarado crítica. Esta vulnerabilidad afecta al código desconocido del archivo /goform/VirSerDMZ del componente Interfaz de Administración Web. La manipulación genera controles de acceso inadecuados. El ataque puede iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.

    Descripción en
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:N/I:P/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-VirSerDMZ-1bc53a41781f809b9e6cdd60fe4e428c?pvs=4

  • https://vuldb.com/?ctiid_303262=

  • https://vuldb.com/?id_303262=

  • https://vuldb.com/?submit_546367=

  • https://www.tenda.com.cn/

    • Enviar en el boletín
    Off

    CVE-2025-22282

    CVE-2025-22282

    Título es
    CVE-2025-22282

    Vie, 04/04/2025 – 11:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-22282

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator – WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator – WordPress plugin: from n/a through 2.14.1.2.

    04/04/2025
    04/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/ez-form-calculator-premium/vulnerability/wordpress-ez-form-calculator-wordpress-plugin-plugin-2-14-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-3242

    CVE-2025-3242

    Título es
    CVE-2025-3242

    Vie, 04/04/2025 – 11:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3242

    Descripción en
    A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/lkncdy/cve/issues/1

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_303268=

  • https://vuldb.com/?id_303268=

  • https://vuldb.com/?submit_547719=

    • Enviar en el boletín
    Off

    CVE-2025-3241

    CVE-2025-3241

    Título es
    CVE-2025-3241

    Vie, 04/04/2025 – 11:15

    Tipo
    CWE-610

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3241

    Descripción en
    A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/askqiu/cve/blob/main/README.md

  • https://vuldb.com/?ctiid_303267=

  • https://vuldb.com/?id_303267=

  • https://vuldb.com/?submit_547585=

    • Enviar en el boletín
    Off

    CVE-2025-3240

    CVE-2025-3240

    Título es
    CVE-2025-3240

    Vie, 04/04/2025 – 11:15

    Tipo
    CWE-74

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-3240

    Descripción en
    A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/JunGu-W/cve/issues/5

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_303266=

  • https://vuldb.com/?id_303266=

  • https://vuldb.com/?submit_546615=

    • Enviar en el boletín
    Off

    CVE-2025-3239

    CVE-2025-3239

    Título es
    CVE-2025-3239

    Vie, 04/04/2025 – 11:15

    Tipo
    CWE-74

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-3239

    Descripción en
    A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/JunGu-W/cve/issues/4

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_303265=

  • https://vuldb.com/?id_303265=

  • https://vuldb.com/?submit_546598=

    • Enviar en el boletín
    Off

    CVE-2025-3243

    CVE-2025-3243

    Título es
    CVE-2025-3243

    Vie, 04/04/2025 – 12:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3243

    Descripción en
    A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://github.com/BinBall/cve/blob/master/README.md

  • https://vuldb.com/?ctiid_303269=

  • https://vuldb.com/?id_303269=

  • https://vuldb.com/?submit_547882=

    • Enviar en el boletín
    Off

    CVE-2025-3244

    CVE-2025-3244

    Título es
    CVE-2025-3244

    Vie, 04/04/2025 – 12:15

    Tipo
    CWE-284

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3244

    Descripción en
    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    04/04/2025
    04/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/6s6-630/CVE/blob/main/yaofang.md

  • https://vuldb.com/?ctiid_303271=

  • https://vuldb.com/?id_303271=

  • https://vuldb.com/?submit_547916=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off