SQL Injection Vulnerability in PHPGurukul Small CRM Product
CVE-2024-12999
5.3 MEDIUM
What is CVE-2024-12999?
PHPGurukul Small CRM version 1.0 contains a SQL injection vulnerability in the /admin/edit-user.php file. The flaw arises from improper handling of the 'id' argument, which allows SQL injection. An attacker can use it to execute arbitrary SQL commands, potentially compromising the underlying database and its integrity. Because the attack can be initiated remotely, users and administrators should address the issue promptly to safeguard their data and application functionality.
Affected Version(s)
Small CRM 1.0