PT-2024-23705 · Unknown · Phpgurukul Cyber Cafe Management System
Published
2024-04-17
·
Updated
2024-07-03
·
CVE-2024-30983
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0
Description
The issue allows attackers to run arbitrary SQL commands via the
compname parameter in the "/edit-computer-detail.php" file. This enables attackers to execute unauthorized database queries, potentially leading to data manipulation or extraction.Recommendations
For phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0, consider disabling the
/edit-computer-detail.php file or restricting access to it until a patch is available. Avoid using the compname parameter in the affected API endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul Cyber Cafe Management System