CVE-2025-28011

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt