OS Command Injection Vulnerability in PHPGurukul Land Record System
CVE-2024-57687

Currently unrated

Key Information:

Vendor: PHPGurukul
Vendor: CVE Published:; 10 January 2025

Summary

An OS Command Injection vulnerability has been identified in the PHPGurukul Land Record System, particularly in the dashboard.php file located in the /landrecordsys/admin directory. This flaw enables remote attackers to execute arbitrary commands on the server by manipulating the 'Cookie' parameter within a GET request. Such security gaps can compromise the integrity and confidentiality of the application, putting sensitive data and server operations at risk.

References

https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Ph...

Timeline

Vulnerability published
Jan 10, 2025
Vulnerability Reserved
Jan 9, 2025