CVE-2024-48282

Name of the Vulnerable Software and Affected Versions PHPGurukul User Registration & Login and User Management System version 3.2

Description A SQL Injection issue was found in the /password-recovery.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access via the femail parameter in a POST HTTP request.

Recommendations For PHPGurukul User Registration & Login and User Management System version 3.2, consider disabling the /password-recovery.php file or restricting access to it until a patch is available. Avoid using the femail parameter in the affected API endpoint until the issue is resolved.