关键信息 1. 漏洞名称: - PHPGurukul User Registration & Login and User Management System /signup.php SQL Injection 2. 漏洞编号: - VDB-286191 - CVE-2024-11818 3. CVSS Meta Temp Score: - 6.9 4. 当前漏洞价格: - $0-$5k 5. CTI Interest Score: - 0.18 6. 漏洞描述: - PHPGurukul User Registration & Login and User Management System 1.0 中存在一个SQL注入漏洞,影响未知部分的文件 。通过操纵 参数,使用未知输入会导致SQL注入。CWE将此问题分类为CWE-89。 7. 影响: - 影响了文件 中的未知部分。 - 漏洞允许通过外部影响的输入构造SQL命令,但未正确中和或中和特殊元素,可能导致下游组件的SQL命令被修改。 - 影响了数据的机密性、完整性和可用性。 8. CVE描述: - A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 9. 漏洞利用: - Exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK. 10. 漏洞利用下载: - The exploit is shared for download at github.com. 11. 漏洞利用类型: - The exploit is declared as proof-of-concept. 12. 搜索建议: - By approaching the search of inurl:signup.php it is possible to find vulnerable targets with Google Hacking. 13. 建议措施: - There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 14. 相关漏洞: - Entries connected to this vulnerability are available at VDB-254388, VDB-256040, VDB-282870 and VDB-284679.