PT-2024-33066 · Unknown · Phpgurukul User Registration & Login/User Management System

Published: 2024-10-15 · Updated: 2024-10-16 · CVE-2024-48279

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

PHPGurukul User Registration & Login and User Management System version 3.2

Description

An HTML injection vulnerability was found in the /search-result.php file, allowing remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. This issue can compromise user data.

Recommendations

For PHPGurukul User Registration & Login and User Management System version 3.2, patch immediately and validate all user input to prevent exploitation. As a temporary workaround, consider restricting access to the /search-result.php file or validating the searchkey parameter to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-48279

Affected Products

Phpgurukul User Registration & Login/User Management System