SQL Injection Vulnerability in PHPGurukul Vehicle Record System
CVE-2024-10331

8.8HIGH

Key Information:

Vendor: PHPgurukul
Status: Vehicle Record System
Vendor: CVE Published:; 24 October 2024

What is CVE-2024-10331?

A serious SQL injection vulnerability has been identified in PHPGurukul's Vehicle Record System version 1.0, specifically within the /admin/search-vehicle.php file. This security flaw arises from improper processing of the 'searchinputdata' parameter, which can be manipulated to execute arbitrary SQL commands. As a result, attackers can exploit this vulnerability remotely, potentially leading to unauthorized access to the database and exposure of sensitive information. Given the public disclosure of the exploit, it is crucial for users of the affected software to implement immediate security measures to mitigate this risk.

Affected Version(s)

Vehicle Record System 1.0

References

https://vuldb.com/?id.281675

vdb-entrytechnical-description

https://vuldb.com/?ctiid.281675

signaturepermissions-required

https://vuldb.com/?submit.427426

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

Delvy (VulDB User)

PHPgurukul

What is CVE-2024-10331?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit