VDB-286191 · CVE-2024-11818 · GCVE-100-286191

PHPGurukul User Registration & Login and User Management System /signup.php SQL Injection

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin PHPGurukul User Registration & Login and User Management System 1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /signup.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument email shi SQL Injection. CWE shidin ka a yi bayani matsala sai ya kai CWE-89. Gaskiya, laifi an fitar da shi 11/26/2024. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2024-11818. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Goyarwa · 97 Datenpunkte

Furɗe	Súgá 11/26/2024 17:56	Gargadi 1/2 11/27/2024 10:46	Gargadi 2/2 12/03/2024 16:43
software_vendor	PHPGurukul	PHPGurukul	PHPGurukul
software_name	User Registration & Login and User Management System	User Registration & Login and User Management System	User Registration & Login and User Management System
software_version	1.0	1.0	1.0
software_file	/signup.php	/signup.php	/signup.php
software_argument	email	email	email
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/wackymaker/CVE/issues/3	https://github.com/wackymaker/CVE/issues/3	https://github.com/wackymaker/CVE/issues/3
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/wackymaker/CVE/issues/3	https://github.com/wackymaker/CVE/issues/3	https://github.com/wackymaker/CVE/issues/3
source_cve	CVE-2024-11818	CVE-2024-11818	CVE-2024-11818
cna_responsible	VulDB	VulDB	VulDB
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	8.1
cvss3_meta_tempscore	6.6	6.9	7.9
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1732575600 (11/26/2024)	1732575600 (11/26/2024)	1732575600 (11/26/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cve_nvd_summary		A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como crítica en PHPGurukul User Registration & Login and User Management System 1.0. Afecta a una parte desconocida del archivo /signup.php. La manipulación del argumento email provoca una inyección SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ Gurɗo Gumti Gada ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!