PT-2024-23710 · Unknown · Phpgurukul Complaint Management System

Published 2024-04-17 · Updated 2025-04-10 · CVE-2024-30989

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

phpgurukul Client Management System using PHP & MySQL version 1.1

Description

The issue allows attackers to execute arbitrary code via the cname, comname, state, and city parameters in the "/edit-client-details.php" endpoint. This enables attackers to perform Cross Site Scripting attacks.

Recommendations

For phpgurukul Client Management System using PHP & MySQL version 1.1, consider validating and sanitizing user input for the cname, comname, state, and city parameters to prevent arbitrary code execution. As a temporary workaround, restrict access to the "/edit-client-details.php" endpoint until a patch is available. Avoid using the cname, comname, state, and city parameters in the affected endpoint until the issue is resolved.
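
One way to apply the recommendation above, shown as an added example that is not the application's code or a vendor patch. The four field names come from the advisory; the helper names, length limits and allow-list pattern are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. Field names are from the advisory; max lengths are assumed.
const CLIENT_FIELDS = ['cname' => 100, 'comname' => 100, 'state' => 60, 'city' => 60];

/** Validate the four fields on input. Returns [clean values, errors]. */
function validate_client_fields(array $input): array
{
    $clean = $errors = [];
    foreach (CLIENT_FIELDS as $name => $maxLen) {
        $value = $input[$name] ?? '';
        if (!is_string($value)) {            // e.g. cname[]=x arrives as an array
            $errors[$name] = 'must be a string';
            continue;
        }
        // Allow-list: letters, digits, spaces and a little punctuation, 1..$maxLen chars.
        $pattern = sprintf('/^[\p{L}\p{N} .,&\'()\/-]{1,%d}$/Du', $maxLen);
        if (preg_match($pattern, trim($value)) !== 1) {   // false on invalid UTF-8
            $errors[$name] = 'invalid value';
            continue;
        }
        $clean[$name] = trim($value);
    }
    return [$clean, $errors];
}

/** Encode a value for HTML text or a quoted attribute when rendering it. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request body: one field carries markup, three are legitimate.
$post = [
    'cname'   => '"><script>alert(1)</script>',
    'comname' => "O'Brien & Sons",
    'state'   => 'Uttar Pradesh',
    'city'    => 'Agra',
];
[$clean, $errors] = validate_client_fields($post);
print_r(array_keys($errors));                // the rejected field names
foreach ($clean as $name => $value) {        // accepted values, encoded on output
    printf("<input name=\"%s\" value=\"%s\">\n", $name, e($value));
}
```

Encoding at output with `e()` is the control that stops stored values from being interpreted as markup; the input allow-list is an additional layer and should not be relied on alone, since legitimate values such as `O'Brien & Sons` contain HTML-significant characters.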

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-30989

Affected Products

Phpgurukul Complaint Management System