PT-2023-31458 · Unknown · Phpgurukul Small Crm

Manab Jyoti Dowarah · Published 2023-12-29 · Updated 2024-01-05 · CVE-2023-50035

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHPGurukul Small CRM version 3.0

Description

The Users login panel is vulnerable to SQL injection. The password parameter is used directly in the SQL query without any sanitization, which allows an SQL injection payload to be executed.

Recommendations

For PHPGurukul Small CRM version 3.0, consider disabling the login functionality until a patch is available, to prevent exploitation of the SQL injection vulnerability. Restrict access to the Users login panel to minimize the risk of exploitation. Avoid using the password parameter in the affected login panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
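
One way to remove the injection point described above, as an added example that is not PHPGurukul's code or an official patch: the e-mail is bound as a query parameter and the password is checked against a stored hash in PHP, so it never becomes part of the SQL text. The `users` table, its columns, the function names and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed demo database (in-memory SQLite through PDO). The table and
// column names are assumptions, not the Small CRM schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
    // Store a salted hash, never the password itself (constructed sample user).
    $ins = $pdo->prepare(
        'INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $ins->execute([
        ':email' => 'alice@example.test',
        ':hash'  => password_hash("it's-a-long-passphrase", PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

// Hardened login check. The advisory describes the password parameter being
// used directly in the query; here no request value is ever placed in SQL text.
// Returns the user id on success, null on any failure.
function login(PDO $pdo, string $email, string $password): ?int
{
    // Hash used when the account does not exist, so both paths run a verify.
    static $dummyHash = null;
    $dummyHash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    // Bound parameter: the driver sends the value separately from the statement.
    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row === false ? $dummyHash : $row['password_hash'];
    $ok   = password_verify($password, $hash);

    // One generic failure result, whether the e-mail or the password was wrong.
    return ($row !== false && $ok) ? (int) $row['id'] : null;
}

// Demonstration on constructed input. Values containing quote characters are
// handled as plain data in both the e-mail and the password field.
$pdo = demo_db();
var_dump(login($pdo, 'alice@example.test', "it's-a-long-passphrase"));
var_dump(login($pdo, 'alice@example.test', 'wrong-password'));
var_dump(login($pdo, "o'neil@example.test", "any'thing"));
```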

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-50035

Affected Products

Phpgurukul Small Crm