Cross-Site Scripting Vulnerability in Phpgurukul Vehicle Record Management System
CVE-2024-51224

4.8MEDIUM

Key Information:

Vendor: Phpgurukul
Status: Vehicle Record Management System
Vendor: CVE Published:; 23 March 2026

What is CVE-2024-51224?

The Phpgurukul Vehicle Record Management System v1.0 is susceptible to multiple cross-site scripting vulnerabilities, specifically in the /admin/edit-vehicle.php component. Attackers can exploit this flaw to execute arbitrary web scripts or HTML by injecting specially crafted payloads into the parameters: vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, and enginenumber. This exposes users to potential session hijacking, data manipulation, and other nefarious activities.

References

https://github.com/Buckdray/vulnerability-research

https://github.com/Buckdray/vulnerability-research/tree/m...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2026
Vulnerability Reserved
Oct 28, 2024

CVE-2024-51224 Data

JSON