SQL Injection Vulnerability Discovered in COVID-19 Testing Management System
CVE-2024-53603

7.3HIGH

Key Information:

Vendor: PHPGurukul
Status: Covid19 Testing Management System
Vendor: CVE Published:; 27 November 2024

What is CVE-2024-53603?

A SQL Injection vulnerability exists in the PHPGurukul COVID 19 Testing Management System v1.0, specifically in the password recovery functionality. This flaw permits remote attackers to execute arbitrary code by manipulating the 'contactno' parameter in a POST request. If exploited, this vulnerability poses a significant threat, allowing unauthorized access and potential compromise of the system.

References

https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Ph...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2024
Vulnerability Reserved
Nov 20, 2024

CVE-2024-53603 Data

JSON