PT-2025-47161 · Phpgurukul · Phpgurukul Small Crm
Published 2025-11-17 · Updated 2025-11-17
CVE-2024-44641
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHPGurukul Small CRM version 3.0
Description
PHPGurukul Small CRM version 3.0 contains a SQL Injection flaw. This issue affects the change-password.php file through the oldpass parameter. The flaw could allow an attacker to inject malicious SQL code, potentially gaining unauthorized access to the database.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the change-password.php file. Sanitize the oldpass parameter before using it in any database queries.
Exploit
Fix
SQL injection
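One way to apply the recommendation for the oldpass parameter is to keep it out of the SQL text entirely by using prepared statements. The handler below is an added example, not code from PHPGurukul Small CRM or from this advisory; the table `user`, its columns `id` and `password`, the `newpass` field, the session key `id`, password_hash() storage and the connection details are all assumptions.

```php
<?php
// Added example: hypothetical hardened change-password handler.
// Assumed (not from the advisory): table `user`, columns `id` and `password`,
// hashes created with password_hash(), logged-in user id in $_SESSION['id'].
declare(strict_types=1);

function change_password(mysqli $db, int $userId, string $oldpass, string $newpass): bool
{
    // oldpass never becomes part of the SQL text; only the integer id is bound.
    $stmt = $db->prepare('SELECT password FROM user WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();          // true, false on error, null when no row
    $stmt->close();

    // Compare in PHP, in constant time, instead of inside the WHERE clause.
    if ($found !== true || !password_verify($oldpass, (string) $storedHash)) {
        return false;
    }

    $newHash = password_hash($newpass, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE user SET password = ? WHERE id = ?');
    $stmt->bind_param('si', $newHash, $userId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_SESSION['id'])) {
    $old = $_POST['oldpass'] ?? '';
    $new = $_POST['newpass'] ?? '';   // hypothetical field name
    // Reject array-valued or empty input before touching the database.
    if (!is_string($old) || !is_string($new) || $old === '' || $new === '') {
        http_response_code(400);
        exit;
    }
    // Throw on driver errors so a failed query is not silently ignored.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    // Placeholder connection details.
    $db = new mysqli('localhost', 'crm_user', 'placeholder-password', 'crm');
    $changed = change_password($db, (int) $_SESSION['id'], $old, $new);
    http_response_code($changed ? 200 : 403);
}
```

If the application stores passwords in a form that requires comparison inside the query, bind oldpass as a second `?` parameter rather than concatenating it into the statement.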
Affected Products
Phpgurukul Small Crm