CVE-2024-3768

Name of the Vulnerable Software and Affected Versions PHPGurukul/itsourcecode News Portal version 4.1

Description A critical issue has been found in the processing of the file search.php, where the manipulation of the searchtitle argument leads to sql injection. The attack may be initiated remotely.

Recommendations For PHPGurukul/itsourcecode News Portal version 4.1, consider disabling the search functionality in the search.php file until a patch is available. Restrict access to the search.php file to minimize the risk of exploitation. Avoid using the searchtitle argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.