CVE-2024-3691 HIGH

CVE-2024-3691: PHPGurukul Small CRM Registration Page sql injection

Vendor Phpgurukul

Product Small CRM

Weakness CWE-89 · SQLi

Published April 12, 2024

Last update August 12, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.

Key dates

02Disclosure timeline

April 12, 2024 CVE published

August 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3691

Related vulnerabilities

04Related CVE

CVE-2026-1546 jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql injection CVE-2024-13979 St. Joe ERP System SingleRowQueryConverter SQL Injection CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection