SQL Injection Vulnerability in PHPGurukul Maid Hiring Management System
CVE-2024-13016

5.3MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Maid Hiring Management System
Vendor
CVE Published:
29 December 2024

Summary

A vulnerability has been identified in PHPGurukul's Maid Hiring Management System version 1.0. This issue arises within the script located at /admin/edit-category.php, where improper handling of the editid argument allows for SQL injection attacks. This vulnerability can be exploited remotely, making it important for users to apply security measures promptly. Having been publicly disclosed, there is growing concern about potential exploitation of this weakness in the software.

Affected Version(s)

Maid Hiring Management System 1.0

References

https://vuldb.com/?id.289707
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289707
signaturepermissions-required
https://vuldb.com/?submit.470480
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Fergod (VulDB User)
.