CVE-2024-28323

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28323
The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://packetstormsecurity.com/files/177168/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection.html Exploit
https://sospiro014.github.io/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection Exploit Third Party Advisory
https://packetstormsecurity.com/files/177168/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection.html Exploit
https://sospiro014.github.io/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:user_registration_\&_login_and_user_management_system:3.1:*:*:*:*:*:*:*
History

01 Apr 2025, 16:16

Type Values Removed Values Added
First Time Phpgurukul
Phpgurukul user Registration \& Login And User Management System
CPE cpe:2.3:a:phpgurukul:user_registration_\&_login_and_user_management_system:3.1:*:*:*:*:*:*:*
References () https://packetstormsecurity.com/files/177168/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection.html - () https://packetstormsecurity.com/files/177168/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection.html - Exploit
References () https://sospiro014.github.io/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection - () https://sospiro014.github.io/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection - Exploit, Third Party Advisory
Information

Published : 2024-03-14 14:15

Updated : 2025-04-01 16:16

NVD link : CVE-2024-28323

Mitre link : CVE-2024-28323

CVE.ORG link : CVE-2024-28323

JSON object : View

Products Affected

phpgurukul

  • user_registration_\&_login_and_user_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')