CVE-2024-13004: PHPGurukul Complaint Management System category.php sql injection
First published: Sun Dec 29 2024(Updated: )
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Complaint Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-13004?
CVE-2024-13004 is classified as a critical vulnerability.
How does CVE-2024-13004 affect the PHPGurukul Complaint Management System?
CVE-2024-13004 allows for SQL injection through manipulation of the 'state' argument in the /admin/category.php file.
Can CVE-2024-13004 be exploited remotely?
Yes, CVE-2024-13004 can be exploited remotely.
What action should be taken to remediate CVE-2024-13004?
To remediate CVE-2024-13004, sanitize user inputs to prevent SQL injection vulnerabilities.
Which versions of PHPGurukul Complaint Management System are impacted by CVE-2024-13004?
CVE-2024-13004 affects PHPGurukul Complaint Management System version 1.0.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/phpgurukul
- canonical/complaint management system