How severe is CVE-2025-4861?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-4861?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-4861

MEDIUM Year: 2025

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-74

View all →

Vulnerability Description

A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2005-3056

CRITICAL

CVSS:9.8(Critical)

TWiki allows arbitrary shell command execution via the Include function

CWE-742005

CVE-2011-2717

CRITICAL

CVSS:9.8(Critical)

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message...

CWE-742011

CVE-2012-1495

CRITICAL

CVSS:9.8(Critical)

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

CWE-742012

CVE-2013-1437

CRITICAL

CVSS:9.8(Critical)

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

CWE-742013