{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2687","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-23T09:25:05.701Z","datePublished":"2025-03-24T06:00:12.375Z","dateUpdated":"2025-03-24T12:22:21.869Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-24T06:00:12.375Z"},"title":"PHPGurukul eLearning System Image index.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"PHPGurukul","product":"eLearning System","versions":[{"version":"1.0","status":"affected"}],"modules":["Image Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in PHPGurukul eLearning System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /user/index.php der Komponente Image Handler. Dank Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-03-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-23T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-23T10:30:09.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.300708","name":"VDB-300708 | PHPGurukul eLearning System Image index.php unrestricted upload","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.300708","name":"VDB-300708 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.521454","name":"Submit #521454 | PHPGurukul eLearning System V1.0 Unrestricted Upload","tags":["third-party-advisory"]},{"url":"https://github.com/ARPANET-cyber/CVE/issues/14","tags":["exploit","issue-tracking"]},{"url":"https://phpgurukul.com/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-24T12:22:06.552305Z","id":"CVE-2025-2687","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-24T12:22:21.869Z"}}]}}