PT-2024-16174 · Unknown · Phpgurukul Medical Card Generation System

Delvy · Published 2024-10-23 · Updated 2024-10-25 · CVE-2024-10301

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHPGurukul Medical Card Generation System version 1.0

Description

A critical issue was found in the Search component of the system, specifically in the /admin/search-medicalcard.php file. The manipulation of the searchdata argument leads to SQL injection. This issue can be exploited remotely.

Recommendations

For PHPGurukul Medical Card Generation System version 1.0, as a temporary workaround, consider restricting access to the /admin/search-medicalcard.php file until a patch is available. Avoid using the searchdata argument in the affected API endpoint until the issue is resolved.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2024-10301

Affected Products

Phpgurukul Medical Card Generation System