CVE-2024-48744 — Code Injection in Teachers Record Management System

CWE-94 — Code Injection3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Teachers Record Management System

Timeline

PublishedOct 16

Description

A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/teachers_record_management_system2.1

🔴Vulnerability Details

GHSA

GHSA-88j8-mfjr-vw9q: A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers↗2024-10-16

▶

CVEList

CVE-2024-48744: A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers↗2024-10-16

▶