PT-2024-23708 · Unknown · Phpgurukul Complaint Management System

Published: 2024-04-17 · Updated: 2025-04-10 · CVE-2024-30987

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions: phpgurukul Client Management System version 1.1

Description: The issue allows attackers to execute arbitrary code and obtain sensitive information. This is achieved via the fromdate and todate parameters in the "/bwdates-reports-ds.php" API endpoint.

Recommendations: For phpgurukul Client Management System version 1.1, consider disabling access to the "/bwdates-reports-ds.php" endpoint until a patch is available. As a temporary workaround, restrict the use of the fromdate and todate parameters to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-30987

Affected Products: Phpgurukul Complaint Management System