SQL Injection Vulnerability in PHPGurukul Medical Card Generation System
CVE-2024-10300

7.2HIGH

Key Information:

Vendor: PHPGurukul
Status: Medical Card Generation System
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10300?

A serious SQL injection vulnerability has been discovered in the PHPGurukul Medical Card Generation System version 1.0, specifically in the View Enquiry Page component located at /admin/view-enquiry.php. This vulnerability arises from improper handling of the 'viewid' parameter, allowing an attacker to craft malicious input that can manipulate SQL queries executed by the application, potentially exposing sensitive data or allowing unauthorized actions. Remote attackers are able to exploit this vulnerability, raising significant security concerns for users of the system. Immediate attention and patching are recommended to safeguard against potential exploitation.

References

https://vuldb.com/?id.281567

https://vuldb.com/?ctiid.281567

https://vuldb.com/?submit.427404

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024