CVE-2024-53603

Name of the Vulnerable Software and Affected Versions PHPGurukul COVID 19 Testing Management System version 1.0

Description A SQL Injection issue was found in the /covid-tms/password-recovery.php file, allowing remote attackers to execute arbitrary code via the contactno POST request parameter. This enables access to sensitive data.

Recommendations For PHPGurukul COVID 19 Testing Management System version 1.0, consider disabling the password recovery feature in /covid-tms/password-recovery.php until a patch is available. Restrict access to the contactno parameter in the affected API endpoint to minimize the risk of exploitation. Validate all inputs to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.