CVE-2024-25351

Name of the Vulnerable Software and Affected Versions PHPGurukul Zoo Management System version 1.0

Description The issue allows attackers to run arbitrary SQL commands via the editid parameter in the /zms/admin/changeimage.php API endpoint. This enables attackers to potentially extract or modify sensitive data.

Recommendations For PHPGurukul Zoo Management System version 1.0, consider restricting access to the /zms/admin/changeimage.php API endpoint until a patch is available. As a temporary workaround, avoid using the editid parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.