CVE-2025-4863

Published May 18th, 2025

View on NVD ↗

CVSS v3

6.3

MEDIUM

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

kuppamjohari/advaya-gems-sql-injection-poc

Proof of Concept (PoC) for a High-Severity SQL Injection Vulnerability (Boolean- and Time-Based Blind) in Advaya GEMS ERP Portal's userId parameter. Demonstrates database enumeration using GEMS_POC.py. Includes vulnerability report with remediation steps. For security research and authorized testing only.

GitHub