PT-2023-24968 · Unknown · Phpgurukul User Registration & Login/User Management System
Published
2023-06-29
·
Updated
2023-07-07
·
CVE-2023-34648
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PHPgurukl User Registration Login and User Management System with admin panel version 1.0
Description
A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the "signup.php" endpoint.
Recommendations
For PHPgurukl User Registration Login and User Management System with admin panel version 1.0, consider validating and sanitizing user input in the
signup.php script to prevent the execution of arbitrary code. As a temporary workaround, restrict access to the signup.php endpoint until a proper fix is applied.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul User Registration & Login/User Management System