Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

CVE-2025-65379

Description

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

Affected products

Pachno/Php Gurukul Billing Systeminferred
Range: =1.0
Package: https://pypi.org/project/php-gurukul-billing-system

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dewcode91/security-research/blob/main/CVE-2025-65379.mdmitre
phpgurukul.com/billing-system-using-php-and-mysql/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000