SQL Injection Vulnerability in PHPGurukul Small CRM
CVE-2024-13000
5.3 MEDIUM
What is CVE-2024-13000?
A significant SQL injection vulnerability exists in PHPGurukul Small CRM version 1.0, specifically in the file '/admin/quote-details.php'. The flaw arises from improper handling of user input: the 'id' argument can be manipulated by an attacker. As a result, an attacker can execute arbitrary SQL commands, potentially compromising the database. The issue can be exploited remotely, which makes it reachable by unauthorized users. Because the vulnerability has been publicly disclosed, it poses a serious threat to systems running this software and calls for urgent remediation and patching.
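One way to handle the 'id' argument safely, as an added example that is not PHPGurukul's code: the `quotes` table, its columns and the `fetch_quote` helper are hypothetical, and an in-memory SQLite database accessed through PDO stands in for the application's database. It assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical schema and names, not the Small CRM source.
// In-memory SQLite stands in for the application's database so this runs offline.

/*
 * Pattern the advisory describes, shown for contrast only:
 *   $sql = "SELECT * FROM quotes WHERE id = " . $_GET['id'];
 * The request value becomes part of the SQL text itself.
 */

/** Return the quote row for a request-supplied id, or null if invalid or not found. */
function fetch_quote(PDO $db, mixed $rawId): ?array
{
    // 1. Allow-list validation: the id must be a positive integer, nothing else.
    //    Arrays (e.g. ?id[]=1) and empty strings also fail this check.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Parameterized query: the value is bound as data, never spliced into SQL.
    $stmt = $db->prepare('SELECT id, customer, amount FROM quotes WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotes (id INTEGER PRIMARY KEY, customer TEXT, amount REAL)');
$db->exec("INSERT INTO quotes VALUES (1, 'Acme', 120.5), (2, 'Globex', 80.0)");

// Constructed request values: one well-formed id, three that must be rejected.
foreach (['2', '2 OR 1=1', 'abc', ''] as $input) {
    $row = fetch_quote($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $row ? $row['customer'] : 'rejected');
}
```

The validation step and the bound parameter are independent layers: either one alone keeps the request value out of the SQL text, and using both means a later change to one does not reopen the flaw.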
Affected Version(s)
Small CRM 1.0