SQL Injection Vulnerability in PHPGurukul Medical Card Generation System
CVE-2024-10299

7.2HIGH

Key Information:

Vendor: PHPGurukul
Status: Medical Card Generation System
Vendor: CVE Published:; 23 October 2024

Summary

A significant vulnerability has been identified in the PHPGurukul Medical Card Generation System version 1.0, specifically in the Managecard View Detail Page located at /admin/view-card-detail.php. This security flaw allows an attacker to perform SQL injection by manipulating the viewid parameter. The remote nature of this exploit means that attackers can execute unauthorized SQL queries on the backend database, potentially leading to data breaches and system compromise. The vulnerability has been publicly disclosed, raising urgent concerns about the security of systems relying on this application. It's essential for organizations using this software to implement corrective measures immediately to mitigate the risks posed by this vulnerability.

References

https://vuldb.com/?id.281566

https://vuldb.com/?ctiid.281566

https://phpgurukul.com/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2024

Collectors

NVD Database