SQL Injection in PHPGurukul User Registration System /signup.php (CVE-2024-11818)

Key Information 1. Vulnerability Name: - PHPGurukul User Registration & Login and User Management System /signup.php SQL Injection 2. Vulnerability ID: - VDB-286191 - CVE-2024-11818 3. CVSS Meta Temp Score: - 6.9 4. Current Vulnerability Price: - $0-$5k 5. CTI Interest Score: - 0.18 6. Vulnerability Description: - A SQL injection vulnerability exists in PHPGurukul User Registration & Login and User Management System 1.0, affecting an unknown part of the file . Manipulating the parameter with unknown input can lead to SQL injection. CWE classifies this issue as CWE-89. 7. Impact: - Affects an unknown part of the file . - The vulnerability allows SQL commands to be constructed via externally influenced input, which is not properly neutralized or sanitized, potentially leading to modification of SQL commands in downstream components. - Impacts the confidentiality, integrity, and availability of data. 8. CVE Description: - A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 9. Exploitability: - Exploitability is reported to be easy. It is possible to initiate the attack remotely. No form of authentication is required for exploitation. Technical details and a public exploit are known. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK. 10. Exploit Download: - The exploit is shared for download at github.com. 11. Exploit Type: - The exploit is declared as proof-of-concept. 12. Search Suggestions: - By searching for inurl:signup.php, it is possible to find vulnerable targets using Google Hacking. 13. Recommended Mitigation: - There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 14. Related Vulnerabilities: - Entries connected to this vulnerability are available at VDB-254388, VDB-256040, VDB-282870, and VDB-284679.

Goal Reached Thanks to every supporter — we hit 100%!

SQL Injection in PHPGurukul User Registration System /signup.php (CVE-2024-11818)