CRITICAL🇵🇱 Wersja polska

CVE-2024-48283

CVSS 9.8v3.1pub. 2024-10-15upd. 2025-04-04

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.

🤖 AI Analysis
How it works

The vulnerability exists in the /admin//search-result.php file, where the searchkey parameter passed by the user is not properly validated or filtered before being used in an SQL query. An attacker can inject malicious SQL code directly into this parameter, manipulating the logic of the query executed by the database server. The attack does not require authentication or user interaction, which significantly lowers the threshold for its execution.

Impact

An attacker can gain unauthorized access to the complete database contents (including user and administrator credentials), and depending on the database server configuration — also modify or delete data and potentially execute system commands.

Mitigation & patch

Patches available from the vendor should be applied according to the references. As a temporary measure, it is recommended to restrict access to the administration panel exclusively to trusted IP addresses and implement WAF rules blocking typical SQL Injection patterns.

Who is affected

Phpgurukul User Registration & Login and User Management System version 3.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpgurukul User Registration \& Login And User Management System

    APP
    Phpgurukul
    3.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-45949CRITICAL9.8PL ✓ten sam produkt

Session Hijacking w PHPGurukul User Management System V3.3

CVE-2020-25952CRITICAL9.8ten sam produkt

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin pane...

CVE-2024-48280HIGH7.6ten sam produkt

A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User...

CVE-2024-48279HIGH7.6ten sam produkt

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and Use...

CVE-2024-48282HIGH7.6ten sam produkt

A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and ...