Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

CVE-2025-65380

Description

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

Affected products

Pachno/Php Gurukul Billing Systeminferred
Range: =1.0
Package: https://pypi.org/project/php-gurukul-billing-system

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dewcode91/security-research/blob/main/CVE-2025-65380.mdmitre
phpgurukul.com/billing-system-using-php-and-mysqlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000