SQL Injection Vulnerability in PHPGurukul Small CRM Product
CVE-2024-12999

5.3MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Small Crm
Vendor
CVE Published:
29 December 2024

Summary

A security vulnerability exists within the PHPGurukul Small CRM version 1.0, specifically in the /admin/edit-user.php file. This flaw arises from improper handling of the 'id' argument, allowing for SQL injection attacks. Such vulnerabilities can enable malicious actors to execute arbitrary SQL commands, potentially compromising the underlying database and its integrity. The risk is heightened as this exploit can be initiated remotely, making it crucial for users and administrators to address this issue promptly to safeguard their data and application functionality.

Affected Version(s)

Small CRM 1.0

References

https://vuldb.com/?id.289660
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289660
signaturepermissions-required
https://vuldb.com/?submit.469311
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Fergod (VulDB User)
.