CVE-2024-12977

A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:complaint_management_system:1.0:*:*:*:-:*:*:*

History

03 Apr 2025, 13:19

Type Values Removed Values Added
CPE cpe:2.3:a:phpgurukul:complaint_management_system:1.0:*:*:*:-:*:*:*
First Time Phpgurukul
Phpgurukul complaint Management System
References () https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md - () https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md - Exploit, Third Party Advisory
References () https://phpgurukul.com/ - () https://phpgurukul.com/ - Product
References () https://vuldb.com/?ctiid.289353 - () https://vuldb.com/?ctiid.289353 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.289353 - () https://vuldb.com/?id.289353 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.469112 - () https://vuldb.com/?submit.469112 - Third Party Advisory, VDB Entry

27 Dec 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-27 02:15

Updated : 2025-04-03 13:19


NVD link : CVE-2024-12977

Mitre link : CVE-2024-12977

CVE.ORG link : CVE-2024-12977


JSON object : View

Products Affected

phpgurukul

  • complaint_management_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')