Email Parameter Vulnerability Exposes Men Salon Management System to SQL Injection Attacks
CVE-2024-30998

9.8CRITICAL

Key Information:

Vendor: PHPGurukul
Status: Men Salon Management System
Vendor: CVE Published:; 3 April 2024

What is CVE-2024-30998?

The PHPGurukul Men Salon Management System v.2.0 is susceptible to an SQL Injection vulnerability that could allow remote attackers to execute arbitrary SQL commands through the 'email' parameter in the index.php component. This flaw enables unauthorized access to sensitive information, potentially compromising the integrity and confidentiality of the system. System administrators are urged to apply the necessary patches and validate input data to mitigate this risk.

References

https://github.com/efekaanakkar/CVEs/blob/main/PHPGurukul...

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2024

CVE-2024-30998 Data

JSON