SQL Injection Vulnerability in PHPGurukul Online Course Registration System
CVE-2024-5064

9.8CRITICAL

Key Information:

Vendor: PHPGurukul
Status: Online Course Registration System
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-5064?

A security vulnerability has been identified in PHPGurukul's Online Course Registration System version 3.1, which poses a significant risk due to SQL injection capabilities. This vulnerability arises from the improper processing of inputs in the file 'news-details.php', specifically concerning the manipulation of the 'nid' argument. Attackers can exploit this weakness remotely, potentially gaining unauthorized access to sensitive database information. As this exploit has been publicly disclosed, immediate attention is needed to mitigate possible attacks targeting this flaw. Organizations using this system are advised to apply patches or implement workarounds to secure their installations.

References

https://vuldb.com/?id.264923

https://vuldb.com/?ctiid.264923

https://vuldb.com/?submit.336238

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024