PT-2024-34377 · Unknown · Phpgurukul Online Course Registration System

Burak

Published

2024-05-17

Updated

2025-03-03

CVE-2024-5065

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Course Registration System version 3.1

Description: A critical vulnerability has been found in the PHPGurukul Online Course Registration System. The issue is related to the manipulation of the regno argument, which leads to SQL injection. This can be exploited remotely.

Recommendations: For PHPGurukul Online Course Registration System version 3.1, consider restricting access to the /onlinecourse/ endpoint until a patch is available. As a temporary workaround, avoid using the regno argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-5065

Affected Products

Phpgurukul Online Course Registration System

PT-2024-34377 · Unknown · Phpgurukul Online Course Registration System

CVE-2024-5065

Weakness Enumeration

Related Identifiers

Affected Products

References · 9