SQL Injection Vulnerability in PHPGurukul Small CRM Software
CVE-2024-44644

6.5MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Small CRM
Vendor: CVE Published:; 17 November 2025

What is CVE-2024-44644?

PHPGurukul Small CRM version 3.0 is compromised due to a SQL Injection vulnerability that can be exploited through the frm_id and aremark parameters in the manage-tickets.php file. This flaw allows an attacker to manipulate SQL queries, potentially leading to unauthorized access to sensitive data within the application. It is crucial for users of this CRM software to implement security measures and updates to prevent exploitation of this vulnerability.

References

https://phpgurukul.com/small-crm-php/

https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Aug 21, 2024

JSON