User Registration Login And User Management System
CVE-2024-50843
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.
AnalysisAI
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets. Affected products include: Phpgurukul User Registration \& Login And User Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /login
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-res
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allo
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Manag
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Managemen
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Manageme
A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3.
A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. Rated medium severity
The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a pot
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attacke
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today