CVE-2024-44630

Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record System version 3.20

Description The Student Record System contains multiple parameters in the ‘register.php’ file that are susceptible to SQL injection. The following parameters are affected: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all input received through the affected parameters in the ‘register.php’ file to prevent SQL injection attacks.