PT-2025-22804 · Unknown · Phpgurukul Medical Card Generation System

Published

2025-05-23

Updated

2025-06-02

CVE-2024-48704

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Phpgurukul Medical Card Generation System version 1.0

Description The issue concerns HTML Injection in the admin/contactus.php file via the pagedes parameter. This allows for potential malicious code injection.

Recommendations For Phpgurukul Medical Card Generation System version 1.0, consider validating and sanitizing the pagedes parameter in the admin/contactus.php file to prevent HTML Injection. As a temporary workaround, restrict access to the admin/contactus.php file until a proper fix is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-48704

Affected Products

Phpgurukul Medical Card Generation System

PT-2025-22804 · Unknown · Phpgurukul Medical Card Generation System

CVE-2024-48704

Weakness Enumeration

Related Identifiers

Affected Products

References · 6