CVE-2024-48279

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 15, 2024 / Updated: 35d ago

010
CVSS 7.6EPSS 0.04%High
CVE info copied to clipboard

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48279

Oct 15, 2024 at 1:15 PM
First Article

Feedly found the first article mentioning CVE-2024-48279. See article

Oct 15, 2024 at 1:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 15, 2024 at 1:21 PM
CVSS

A CVSS base score of 7.6 has been assigned.

Oct 15, 2024 at 4:41 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 16, 2024 at 9:57 AM
Static CVE Timeline Graph

Affected Systems

Phpgurukul
+null more

Attack Patterns

CAPEC-242: Code Injection
+null more

News

Update Thu Oct 31 14:35:57 UTC 2024
Update Thu Oct 31 14:35:57 UTC 2024
NA - CVE-2024-48279 - A HTML Injection vulnerability was found in...
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration &Login and User Management System 3.2. This vulnerability allows remote attackers to execute...
CVE-2024-48279 | PHPGurukul User Registration & Login and User Management System /search-result.php cross site scripting
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.2 and classified as problematic . This issue affects some unknown processing of the file /search-result.php . The manipulation of the argument searchkey leads to basic cross site scripting. The identification of this vulnerability is CVE-2024-48279 . The attack may be initiated remotely. There is no exploit available.
CVE-2024-48279 - PHPGurukul User Registration & Login and User Management System HTML Injection
CVE ID : CVE-2024-48279 Published : Oct. 15, 2024, 1:15 p.m. 16 minutes ago Description : A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. Severity: 0.0
CVE-2024-48279
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.
See 2 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:Low
Availability Impact:Low

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI