PT-2025-3543 · Unknown · Phpgurukul Land Record System

Published 2025-01-10 · Updated 2025-01-15 · CVE-2024-57687

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGurukul Land Record System version 1.0

Description: An OS Command Injection issue was found in the /landrecordsys/admin/dashboard.php file, allowing remote attackers to execute arbitrary code via the Cookie GET request parameter. This issue enables attackers to inject and execute OS commands, potentially leading to unauthorized access and control.

Recommendations: For PHPGurukul Land Record System version 1.0, consider disabling access to the /landrecordsys/admin/dashboard.php file until a patch is available. Restrict the use of the Cookie parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-57687

Affected Products: Phpgurukul Land Record System