SQL Injection Vulnerability in PHPGurukul Small CRM Product
CVE-2024-12999

5.3MEDIUM

Key Information:

Vendor

PHPgurukul
Status
Small Crm
Vendor
CVE Published:
29 December 2024

What is CVE-2024-12999?

A security vulnerability exists within the PHPGurukul Small CRM version 1.0, specifically in the /admin/edit-user.php file. This flaw arises from improper handling of the 'id' argument, allowing for SQL injection attacks. Such vulnerabilities can enable malicious actors to execute arbitrary SQL commands, potentially compromising the underlying database and its integrity. The risk is heightened as this exploit can be initiated remotely, making it crucial for users and administrators to address this issue promptly to safeguard their data and application functionality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Small CRM 1.0

References

https://vuldb.com/?id.289660
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289660
signaturepermissions-required
https://vuldb.com/?submit.469311
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

Fergod (VulDB User)
JSON
.