CVE-2024-10162

Name of the Vulnerable Software and Affected Versions PHPGurukul Boat Booking System version 1.0

Description A critical issue has been found in the PHPGurukul Boat Booking System, affecting the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the arguments sadminusername, fullname, emailid, and mobilenumber leads to SQL injection. The attack can be initiated remotely. It is assumed that multiple parameters are affected, not just mobilenumber as initially mentioned.

Recommendations For PHPGurukul Boat Booking System version 1.0, consider disabling the Edit Subdomain Details Page or restricting access to the /admin/edit-subadmin.php file until a patch is available. As a temporary workaround, avoid using the parameters sadminusername, fullname, emailid, and mobilenumber in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.