PT-2024-23707 · Unknown · Phpgurukul Complaint Management System
Published: 2024-04-17 · Updated: 2025-04-10 · CVE-2024-30986
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
phpgurukul Client Management System using PHP & MySQL version 1.1
Description
The issue allows attackers to execute arbitrary code via the "price" and "sname" parameters in the /edit-services-details.php endpoint. This enables attackers to perform Cross Site Scripting attacks.
Recommendations
For phpgurukul Client Management System using PHP & MySQL version 1.1, consider validating and sanitizing user input for the "price" and "sname" parameters in the /edit-services-details.php endpoint to prevent arbitrary code execution. As a temporary workaround, restrict access to the /edit-services-details.php endpoint until a patch is available.
Exploit
Fix
XSS
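One way to apply the recommendation above to the price and sname parameters, shown as an added example that is not taken from the advisory or from the application's source. The function names are hypothetical, the sample submissions are constructed, and the example assumes the values are echoed back into HTML form fields.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the names are not from the application's code.

/** Accept only a plain decimal price such as "120" or "120.50". */
function validate_price(string $raw): ?string
{
    $raw = trim($raw);
    // Digits with an optional two-place fraction; rejects markup, signs, exponents.
    return preg_match('/\A\d{1,8}(\.\d{1,2})?\z/', $raw) === 1 ? $raw : null;
}

/** Accept a service name of 1-100 valid UTF-8 characters, no control characters. */
function validate_sname(string $raw): ?string
{
    $raw = trim($raw);
    // The /u flag makes the match fail on invalid UTF-8 and counts code points.
    return preg_match('/\A[^\x00-\x1F\x7F]{1,100}\z/u', $raw) === 1 ? $raw : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['sname' => 'Website Hosting', 'price' => '120.50'],
    ['sname' => '<b>Hosting</b> & "Support"', 'price' => '120'],
    ['sname' => 'Hosting', 'price' => '12"><i>'],
];

foreach ($samples as $post) {
    $sname = validate_sname($post['sname']);
    $price = validate_price($post['price']);
    if ($sname === null || $price === null) {
        echo "rejected: invalid sname or price\n";
        continue;
    }
    // Validation limits the shape of the input; encoding at output is what
    // keeps any remaining markup characters from being parsed as HTML.
    printf(
        "<input name=\"sname\" value=\"%s\"> <input name=\"price\" value=\"%s\">\n",
        h($sname),
        h($price)
    );
}
```

The second sample passes validation because a service name may legitimately contain punctuation, which is why the output-encoding step is applied to every value regardless of what validation accepted.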
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul Complaint Management System