SQL Injection Vulnerability in PHPGurukul Online Course Registration System
CVE-2024-5063

9.8CRITICAL

Key Information:

Vendor: PHPGurukul
Status: Online Course Registration System
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-5063?

A significant vulnerability has been identified in PHPGurukul's Online Course Registration System version 3.1, specifically within the /admin/index.php file. This flaw allows remote attackers to exploit SQL Injection techniques by manipulating the username and password arguments. The exploitation of this vulnerability can result in unauthorized access to sensitive information and systems. Given its public disclosure and the potential for exploitation, it is crucial for users of this software to apply necessary security patches and adopt preventative measures to safeguard their systems against such security risks.

References

https://vuldb.com/?id.264922

https://vuldb.com/?ctiid.264922

https://vuldb.com/?submit.336236

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024