CVE-2024-3690: PHPGurukul Small CRM Change Password sql injection
First published: Fri Apr 12 2024(Updated: )
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGurukul Small CRM | =3.0 | |
| PHPGurukul Small CRM | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-3690?
CVE-2024-3690 is classified as a critical vulnerability.
What component is affected by CVE-2024-3690?
CVE-2024-3690 affects the Change Password Handler component of PHPGurukul Small CRM 3.0.
What type of vulnerability is CVE-2024-3690?
CVE-2024-3690 is identified as an SQL injection vulnerability.
Can the CVE-2024-3690 vulnerability be exploited remotely?
Yes, CVE-2024-3690 can be exploited remotely.
How do I fix CVE-2024-3690?
To fix CVE-2024-3690, update PHPGurukul Small CRM to a patched version or secure the Change Password Handler against SQL injection.
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/phpgurukul
- canonical/phpgurukul small crm
- version/phpgurukul small crm/3.0