SQL Injection Vulnerability in PHPGurukul Small CRM Product
CVE-2024-12999

5.3MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Small Crm
Vendor: CVE Published:; 29 December 2024

What is CVE-2024-12999?

A security vulnerability exists within the PHPGurukul Small CRM version 1.0, specifically in the /admin/edit-user.php file. This flaw arises from improper handling of the 'id' argument, allowing for SQL injection attacks. Such vulnerabilities can enable malicious actors to execute arbitrary SQL commands, potentially compromising the underlying database and its integrity. The risk is heightened as this exploit can be initiated remotely, making it crucial for users and administrators to address this issue promptly to safeguard their data and application functionality.

Affected Version(s)

Small CRM 1.0

References

https://vuldb.com/?id.289660

vdb-entrytechnical-description

https://vuldb.com/?ctiid.289660

signaturepermissions-required

https://vuldb.com/?submit.469311

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2024

Credit

Fergod (VulDB User)