CVE-2024-50989

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50989
A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/SQL%20Injction.pdf.pdf Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:online_marriage_registration_system:1.0:*:*:*:*:*:*:*
History

27 Mar 2025, 17:57

Type Values Removed Values Added
First Time Phpgurukul
Phpgurukul online Marriage Registration System
References () https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/SQL%20Injction.pdf.pdf - () https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/SQL%20Injction.pdf.pdf - Exploit, Third Party Advisory
CPE cpe:2.3:a:phpgurukul:online_marriage_registration_system:1.0:*:*:*:*:*:*:*

12 Nov 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-89

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de inyección SQL en /omrs/admin/search.php en PHPGurukul Online Marriage Registration System v1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro "searchdata".

11 Nov 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-11 15:15

Updated : 2025-03-27 17:57

NVD link : CVE-2024-50989

Mitre link : CVE-2024-50989

CVE.ORG link : CVE-2024-50989

JSON object : View

Products Affected

phpgurukul

  • online_marriage_registration_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')