SQL Injection Vulnerability in PHPGurukul Medical Card Generation System
CVE-2024-10298

7.2HIGH

Key Information:

Vendor: PHPgurukul
Status: Medical Card Generation System
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10298?

A significant SQL injection vulnerability has been identified in the PHPGurukul Medical Card Generation System version 1.0, specifically affecting the Managecard Edit Card Detail Page located at /admin/edit-card-detail.php. This flaw allows an attacker to manipulate the 'editid' parameter, potentially executing malicious SQL queries against the database. As this vulnerability can be exploited remotely, it poses a serious risk to the confidentiality and integrity of sensitive data managed by the system. Users are urged to implement security measures promptly to mitigate the risks associated with this vulnerability and maintain the security of their medical card administration systems.

Affected Version(s)

Medical Card Generation System 1.0

References

https://vuldb.com/?id.281565

vdb-entrytechnical-description

https://vuldb.com/?ctiid.281565

signaturepermissions-required

https://vuldb.com/?submit.427403

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024

Credit

Delvy (VulDB User)

PHPgurukul

What is CVE-2024-10298?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit