Abimel S B Kulumala, a cybersecurity researcher, has successfully identified and reported CVE-2025-51092, a severe SQL Injection vulnerability in a popular PHP-based login-signup system. The vulnerability has been officially acknowledged and listed in the National Vulnerability Database (NVD), marking a significant achievement in Abimel’s research efforts.
The issue impacts critical functions such as logIn() and signUp() and the handling of dynamic $table variables, and also involves insufficient sanitization in the prepareData() function. Remote attackers can exploit this flaw by injecting malicious SQL commands through vulnerable login and signup inputs or by tampering with the $table parameter.
Exploitation can lead to authentication bypass, sensitive data leakage (usernames, emails, hashed passwords), database manipulation, and privilege escalation, resulting in full compromise of the application’s confidentiality, integrity, and availability.
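The two weak points named above, user input reaching the query text and a caller-controlled $table, are closed by binding values as parameters and checking the table name against a fixed list. The following is an added example, not code from the affected project: safeSignUp(), safeLogIn(), resolveTable(), the users table and its columns are hypothetical, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration; every function, table and column name here is hypothetical.
declare(strict_types=1);

const ALLOWED_TABLES = ['users']; // assumed set of tables the login code may touch

function resolveTable(string $table): string
{
    // Identifiers cannot be bound as parameters, so accept only known names.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return $table;
}

function safeSignUp(PDO $db, string $table, string $username, string $password): void
{
    $t = resolveTable($table);
    // Values travel as bound parameters and never become part of the SQL text.
    $stmt = $db->prepare("INSERT INTO {$t} (username, password_hash) VALUES (:u, :p)");
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

function safeLogIn(PDO $db, string $table, string $username, string $password): bool
{
    $t = resolveTable($table);
    $stmt = $db->prepare("SELECT password_hash FROM {$t} WHERE username = :u");
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// A username containing a quote character is stored and matched as plain data.
safeSignUp($db, 'users', "o'brien", 'correct horse');
var_dump(safeLogIn($db, 'users', "o'brien", 'correct horse'));
var_dump(safeLogIn($db, 'users', "o'brien", 'wrong password'));

// A table name outside the allowlist is refused before any SQL is built.
try {
    safeLogIn($db, 'not_a_listed_table', 'x', 'y');
} catch (InvalidArgumentException $e) {
    echo "rejected table name\n";
}
```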
Reference: CVE-2025-51092 Detail - NVD
About Abimel S B Kulumala:
Abimel S B Kulumala is a cybersecurity researcher with expertise in vulnerability discovery and secure application development. His contributions focus on improving web security by uncovering critical flaws and recommending effective remediation strategies. He is ranked 34 in the list of top 200 cybersecurity professionals published by Favikon.
Reported by: Abimel S B Kulumala
CVE ID: CVE-2025-51092
Status: Accepted by National Vulnerability Database (NVD)