SQL Injection Vulnerability in PHPGurukul Medical Card Generation System
CVE-2024-10297

4.7MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Medical Card Generation System
Vendor
CVE Published:
23 October 2024

Summary

A significant vulnerability has been identified within the PHPGurukul Medical Card Generation System version 1.0. Specifically, an SQL injection vulnerability exists in the Managecard Edit Image Page located at /admin/changeimage.php. The issue arises from improper handling of the 'editid' parameter, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive data. This vulnerability can be exploited remotely, posing a significant risk to organizations utilizing this system. Publicly disclosed exploits may already be available, underscoring the urgency for users to implement effective remediation measures.

Affected Version(s)

Medical Card Generation System 1.0

References

https://vuldb.com/?id.281564
vdb-entrytechnical-description
https://vuldb.com/?ctiid.281564
signaturepermissions-required
https://phpgurukul.com/
product

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.