SQL Injection Vulnerability in PHPGurukul Small CRM 1.0
CVE-2024-13001

5.3MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Small Crm
Vendor: CVE Published:; 29 December 2024

What is CVE-2024-13001?

An SQL injection vulnerability exists in PHPGurukul Small CRM 1.0, specifically in the handling of the email parameter within the /admin/index.php file. This security flaw allows an attacker to manipulate inputs and execute arbitrary SQL commands via a remote connection, significantly compromising the database security. As this issue has been publicly disclosed, it poses a serious risk to systems running the affected version of the product, making it crucial for administrators to apply appropriate security measures and updates to mitigate potential exploits.

Affected Version(s)

Small CRM 1.0

References

https://vuldb.com/?id.289662

vdb-entrytechnical-description

https://vuldb.com/?ctiid.289662

signaturepermissions-required

https://vuldb.com/?submit.469317

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2024
Vulnerability Reserved
Dec 28, 2024

Credit

Havook (VulDB User)