CVE-2024-48744

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 16, 2024 / Updated: 34d ago

CVSS 6.1 / EPSS 0.04% / Medium

A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed-teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via the "searchinput" POST request parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48744

Oct 16, 2024 at 3:15 PM

First Article

Feedly found the first article mentioning CVE-2024-48744.

Oct 16, 2024 at 3:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 16, 2024 at 3:24 PM

CVSS

A CVSS base score of 6.1 has been assigned.

Oct 16, 2024 at 6:40 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 17, 2024 at 10:04 AM

Affected Systems

Phpgurukul/teachers_record_management_system

Attack Patterns

CAPEC-242: Code Injection

News

CVE Alert: CVE-2024-48744
NA - CVE-2024-48744 - A Reflected Cross Site Scripting (XSS)...
CVE-2024-48744
CVE-2024-48744 - PHPGurukul Teachers Record Management System Reflected Cross Site Scripting (XSS)
CVE-2024-48744

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
