CVE-2024-34987: SQL Injection
First published: Mon Jun 03 2024(Updated: )
A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Online Fire Reporting System | ||
| Online Fire Reporting System | =1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-34987?
CVE-2024-34987 is classified as a critical vulnerability due to its ability to allow unauthorized access via SQL injection.
How do I fix CVE-2024-34987?
To fix CVE-2024-34987, you should validate and sanitize user inputs and implement prepared statements in the affected script.
What software is affected by CVE-2024-34987?
CVE-2024-34987 affects PHPGurukul Online Fire Reporting System version 1.2.
Can CVE-2024-34987 be exploited remotely?
Yes, CVE-2024-34987 can be exploited remotely by targeting the login page with crafted SQL commands.
What are the potential impacts of exploiting CVE-2024-34987?
Exploiting CVE-2024-34987 can lead to unauthorized access to sensitive information and administrative functionalities.
- agent/weakness
- agent/type
- agent/description
- agent/author
- agent/references
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/phpgurukul
- canonical/online fire reporting system
- version/online fire reporting system/1.2