CVE-2024-11964: PHPGurukul Complaint Management system index.php sql injection
First published: Thu Nov 28 2024(Updated: )
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Complaint Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11964?
CVE-2024-11964 is classified as a critical vulnerability.
How does CVE-2024-11964 affect the PHPGurukul Complaint Management system?
CVE-2024-11964 allows for SQL injection through the emailid parameter in the /user/index.php file.
Is it possible to exploit CVE-2024-11964 remotely?
Yes, CVE-2024-11964 can be exploited remotely by an attacker.
Which version of PHPGurukul Complaint Management system is affected by CVE-2024-11964?
CVE-2024-11964 affects version 1.0 of PHPGurukul Complaint Management system.
How can I fix CVE-2024-11964?
To fix CVE-2024-11964, it is recommended to validate and sanitize user inputs, particularly the emailid parameter.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/phpgurukul
- canonical/complaint management system
- version/complaint management system/1.0