CVE-2024-10301

23 Oct 2024

Título es

CVE-2024-10301

Mié, 23/10/2024 – 20:15

Tipo

CWE-89

Gravedad v2.0

5.80

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-10301

Descripción en

A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

23/10/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:N/AC:L/Au:M/C:P/I:P/A:P

Gravedad 4.0

5.10

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

4.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM