{"vulnerability": "CVE-2025-4072", "sightings": [{"uuid": "1ec294f7-6041-4455-92d6-0820dc49f473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4072", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lny2ikvfey22", "content": "", "creation_timestamp": "2025-04-29T19:50:38.112204Z"}, {"uuid": "2a52a634-7309-47d2-8be8-c53331ba2ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40721", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lthhlebwrq2s", "content": "", "creation_timestamp": "2025-07-08T14:00:40.289244Z"}, {"uuid": "55b58dfc-3923-498a-a2cb-9c8fdbcb29ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40722", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lt2yvotrck2q", "content": "", "creation_timestamp": "2025-07-03T15:06:06.294420Z"}, {"uuid": "1dca0120-4b15-4072-86f7-0d4ee0ae2059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40723", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lt32gbpw262m", "content": "", "creation_timestamp": "2025-07-03T15:33:14.234355Z"}, {"uuid": "af80298e-ab9a-4722-9cac-657a5b64d0a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40725", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyibtcojlq2d", "content": "", "creation_timestamp": "2025-09-10T12:56:22.340269Z"}, {"uuid": "c3d96206-dd97-4e78-8452-4b97731027e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40728", "type": "seen", "source": "Telegram/LkeoSpPVLo2SQbUaYktcpIv-BNCeaUg0ZAIrpwJQlcqbnWk", "content": "", "creation_timestamp": "2025-06-16T09:32:44.000000Z"}, {"uuid": "f71b9ebd-fbf5-424b-9d59-60f15bf4374f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40727", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18424", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40727\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search'\u00a0in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's'\u00a0GET parameter.\n\ud83d\udccf Published: 2025-06-16T08:20:30.834Z\n\ud83d\udccf Modified: 2025-06-16T08:20:30.834Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-phoenix-cms", "creation_timestamp": "2025-06-16T08:37:11.000000Z"}, {"uuid": "35bb6769-2948-4e59-820c-70ba17d0d8b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4072", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4072\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.\n\ud83d\udccf Published: 2025-04-29T16:31:04.915Z\n\ud83d\udccf Modified: 2025-04-29T16:31:04.915Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.306509\n2. https://vuldb.com/?ctiid.306509\n3. https://vuldb.com/?submit.559939\n4. https://github.com/Iandweb/CVE/issues/1\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-29T17:11:57.000000Z"}, {"uuid": "2af75e3d-4abe-40e5-8e05-fda5fc583670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40726", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18433", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40726\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.\n\ud83d\udccf Published: 2025-06-16T08:26:49.761Z\n\ud83d\udccf Modified: 2025-06-16T08:28:03.524Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-reflected-nosto", "creation_timestamp": "2025-06-16T09:38:04.000000Z"}, {"uuid": "3f2f8f08-f41a-4cdf-95a2-b17dd5f50b0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40728", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18432", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40728\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.\n\ud83d\udccf Published: 2025-06-16T08:29:07.944Z\n\ud83d\udccf Modified: 2025-06-16T08:29:07.944Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-customer-support-system", "creation_timestamp": "2025-06-16T09:38:03.000000Z"}, {"uuid": "f0b61856-5173-49f5-bb91-0480d8cda155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40729", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18431", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40729\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.\n\ud83d\udccf Published: 2025-06-16T08:30:21.480Z\n\ud83d\udccf Modified: 2025-06-16T08:30:21.480Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-customer-support-system", "creation_timestamp": "2025-06-16T09:38:02.000000Z"}, {"uuid": "7d3edcb8-4773-46b2-98eb-098dc9206bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4072", "type": "seen", "source": "https://t.me/cvedetector/24043", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4072 - PHPGurukul Online Nurse Hiring System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4072 \nPublished : April 29, 2025, 5:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T21:01:18.000000Z"}]}