How severe is CVE-2025-5249?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2025-5249?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-5249 - MEDIUM Severity | CVSS 7.3

Vulnerability Description

A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-category.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2015-8800

HIGH

CVSS:7.3(High)

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical Sy...

CWE-742015

CVE-2017-20197

MEDIUM

CVSS:7.3(High)

A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /i...

CWE-742017

CVE-2018-20914

HIGH

CVSS:7.3(High)

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

CWE-742018

CVE-2020-15255

HIGH

CVSS:7.3(High)

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example...

CWE-742020

CVE-2021-0553

HIGH

CVSS:7.3(High)

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges...

CWE-742021

CVE-2021-27614

HIGH

CVSS:7.3(High)

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application....

CWE-742021