SQL Injection Vulnerability in PHPGurukul Medical Card Generation System
CVE-2024-10297

7.2HIGH

Key Information:

Vendor: PHPgurukul
Status: Medical Card Generation System
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10297?

A significant vulnerability has been identified within the PHPGurukul Medical Card Generation System version 1.0. Specifically, an SQL injection vulnerability exists in the Managecard Edit Image Page located at /admin/changeimage.php. The issue arises from improper handling of the 'editid' parameter, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive data. This vulnerability can be exploited remotely, posing a significant risk to organizations utilizing this system. Publicly disclosed exploits may already be available, underscoring the urgency for users to implement effective remediation measures.

Affected Version(s)

Medical Card Generation System 1.0

References

https://vuldb.com/?id.281564

vdb-entrytechnical-description

https://vuldb.com/?ctiid.281564

signaturepermissions-required

https://phpgurukul.com/

product

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024

PHPgurukul

What is CVE-2024-10297?

Affected Version(s)

References

CVSS V3.1

Timeline