CVE-2024-10159

CWE-89SQL Injection3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 74.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Boat Booking System
Timeline
PublishedOct 20

Description

A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "mobilenumber" to be affect

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3xm8-g6r2-j83f: A vulnerability classified as critical was found in PHPGurukul Boat Booking System 12024-10-20
CVEList
PHPGurukul Boat Booking System My Profile Page profile.php sql injection2024-10-19
CVE-2024-10159 (MEDIUM CVSS 6.9) | A vulnerability classified as criti | cvebase.io