SQL Injection Vulnerability in PHPGurukul Online Course Registration System
CVE-2024-5065

9.8CRITICAL

Key Information:

Vendor: PHPGurukul
Status: Online Course Registration System
Vendor: CVE Published:; 17 May 2024

Summary

A serious vulnerability has been identified in the PHPGurukul Online Course Registration System version 3.1, where the 'regno' argument can be manipulated, leading to an unauthorized SQL injection. This flaw enables attackers to execute malicious SQL statements that can compromise the database, extract sensitive information, and disrupt service availability. The vulnerability can be exploited remotely, making it crucial for users of the affected software to take immediate action to secure their systems against potential attacks. With this vulnerability now public knowledge, organizations must prioritize patching or mitigating the risk to safeguard their data integrity.

References

https://vuldb.com/?id.264924

https://vuldb.com/?ctiid.264924

https://vuldb.com/?submit.336239

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024