PT-2024-23709 · Unknown · Phpgurukul Complaint Management System

Published: 2024-04-17
Updated: 2025-04-10
CVE-2024-30988

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

phpgurukul Client Management System version 1.1

Description

This is a Cross Site Scripting (XSS) vulnerability. It allows attackers to execute arbitrary code and obtain sensitive information via the "Search bar" in the /search-invoices.php endpoint.

Recommendations

For phpgurukul Client Management System version 1.1, to prevent exploitation, consider disabling the /search-invoices.php endpoint until a patch is available. Restrict access to the search functionality to minimize the risk of arbitrary code execution.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-30988

Affected Products

Phpgurukul Complaint Management System