Description

A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.

Related CPE's

a

phpgurukul

online_fire_reporting_system

1.2

Vulnerable

References

https://github.com/MarkLee131/PoCs/blob/main/CVE-2024-34987.md

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/51989

ExploitThird Party Advisory

https://github.com/MarkLee131/PoCs/blob/main/CVE-2024-34987.md

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/51989

ExploitThird Party Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-06-03T18:15:09.273Z

1 year ago

Last modified

2025-04-02T22:18:16.300Z

12 months ago