CVE-2023-0527

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Security Guards Hiring System version 1.0

Description A vulnerability was found in the PHPGurukul Online Security Guards Hiring System, affecting some unknown functionality of the file search-request.php. The manipulation of the searchdata argument with the input "> leads to cross-site scripting. The attack may be launched remotely. Additionally, a file upload vulnerability allows a remote attacker to execute arbitrary code via a crafted php file to the osghs/admin/images file.

Recommendations For PHPGurukul Online Security Guards Hiring System version 1.0, consider disabling the search-request.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the searchdata argument in the affected API endpoint until the issue is resolved. Restrict access to the osghs/admin/images file to minimize the risk of exploitation.