SQL Injection Flaw in PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3087

7.3HIGH

Key Information:

Vendor
PHPgurukul
Status
Emergency Ambulance Hiring Portal
Vendor
CVE Published:
30 March 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

A serious SQL injection vulnerability has been discovered in the PHPGurukul Emergency Ambulance Hiring Portal version 1.0, specifically impacting the ambulance-tracking.php file. This vulnerability arises from improper sanitization of user input through the 'searchdata' parameter, allowing malicious actors to execute arbitrary SQL commands remotely. Successful exploitation could lead to unauthorized access to sensitive data from the backend database, causing significant risks to data confidentiality and integrity. Users and administrators are urged to apply the necessary security patches and implement input validation measures to safeguard against potential attacks.

Affected Version(s)

Emergency Ambulance Hiring Portal 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3087 - Proof of Concept

References

https://vuldb.com/?id.258680
vdb-entrytechnical-description
https://vuldb.com/?ctiid.258680
signaturepermissions-required
https://vuldb.com/?submit.306961
third-party-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

dhabaleshwar (VulDB User)
.