Key Information

1. Vulnerability ID:
   - VDB-281564
   - CVE-2024-10297
2. Vulnerability Name:
   - PHPGURUKUL MEDICAL CARD GENERATION SYSTEM 1.0 - MANAGECARD EDIT IMAGE PAGE - /ADMIN/CHANGEIMAGE.PHP EDITID SQL INJECTION
3. CVSS Meta Temp Score:
   - 4.3
4. Current Vulnerability Price:
   - $0-$5k
5. CTI Interest Score:
   - 0.96
6. Affected Component:
   - Managecard Edit Image Page
7. Affected File:
   - /admin/changeimage.php
8. Vulnerability Description:
   - This vulnerability exists in an unknown part of PHPGurukul Medical Card Generation System 1.0, affecting the Managecard Edit Image Page component and the /admin/changeimage.php file.
   - By manipulating the parameter with untrusted input, an SQL injection vulnerability is triggered.
   - The issue is described using CWE-89: constructing SQL commands using external, untrusted input from upstream components without properly neutralizing or escaping special elements, which may allow downstream SQL commands to be modified.
   - Impacts confidentiality, integrity, and availability.
9. Vulnerability Mitigation:
   - Assigned CVE ID: CVE-2024-10297.
   - Exploitation requires low privileges.
   - Vulnerable targets can be identified via Google Hacking by searching for .
   - No known mitigations are currently available.
10. Related Vulnerability IDs:
    - VDB-235234
    - VDB-235242
    - VDB-235677
    - VDB-235679
11. Product:
    - PHPGURUKUL MEDICAL CARD GENERATION SYSTEM 1.0

Summary

This vulnerability is an SQL injection flaw affecting the Managecard Edit Image Page component in PHPGurukul Medical Card Generation System 1.0. It is triggered by manipulating the parameter with untrusted input. Exploitation is relatively easy and vulnerable targets can be discovered via Google Hacking. Currently, no known mitigations are available.