PT-2024-23704 · Unknown · Phpgurukul Cyber Cafe Management System
Published
2024-04-17
·
Updated
2024-07-03
·
CVE-2024-30982
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0
Description
The issue allows attackers to run arbitrary SQL commands via the
upid parameter in the "/view-user-detail.php" file. This enables attackers to potentially extract or modify sensitive data.Recommendations
For phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0, consider disabling the
/view-user-detail.php file or restricting access to the upid parameter until a patch is available. Avoid using the upid parameter in the affected API endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul Cyber Cafe Management System