Platform: php
Component: land-record-system
Fixed in: 1.0.1
CVE-2024-13077 is a problematic cross-site scripting (XSS) vulnerability in PHPGurukul Land Record System version 1.0. It resides in the /admin/add-property.php file and can be exploited by manipulating the Land Subtype argument. A patch is available in version 1.0.1.
Successful exploitation of CVE-2024-13077 allows an attacker to inject malicious scripts into the Land Record System's web interface. This can lead to various consequences, including session hijacking, defacement of the administrative panel, and redirection of users to malicious websites. The attacker could potentially steal sensitive information, such as user credentials or property data, depending on the level of access granted to the compromised account. Given the administrative context of /admin/add-property.php, the impact could be significant if an administrator's session is compromised.
CVE-2024-13077 has been publicly disclosed, increasing the risk of exploitation. While no active campaigns have been definitively linked to this specific vulnerability, the availability of public information makes it a potential target for opportunistic attackers. The exploit's simplicity suggests a relatively low barrier to entry for exploitation. The vulnerability was added to the NVD on 2024-12-31.
Exploit Status
EPSS: 0.13% (32nd percentile)
The primary mitigation for CVE-2024-13077 is to upgrade PHPGurukul Land Record System to version 1.0.1 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the Land Subtype field to prevent malicious input. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting the /admin/add-property.php endpoint can provide an additional layer of protection. Regularly review and update input validation routines to prevent future XSS vulnerabilities.
Update to a patched version or apply necessary security measures to prevent the execution of XSS code. Validate and escape user inputs, especially the 'Land Subtype' parameter in the add-property.php file. Consider implementing a content security policy (CSP) to mitigate XSS attacks.
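A sketch of the validate, escape and CSP measures described above, written for this page as an added example; it is not PHPGurukul's code or the 1.0.1 patch. The function names, the allowed character set and the policy string are assumptions to adapt to the real form and pages.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for a "Land Subtype" form field. All names here are
// assumptions and are not taken from the Land Record System source.

/** Accept only short plain-text subtype names; return null when rejected. */
function validate_land_subtype(string $raw): ?string
{
    $value = trim($raw);
    // Starts with a letter or digit, then letters, digits, spaces and a few
    // punctuation marks; 2 to 60 characters. Invalid UTF-8 fails the match.
    if (preg_match('/^[\p{L}\p{N}][\p{L}\p{N} .,&()\/-]{1,59}$/u', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encode for an HTML text or quoted-attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Restrictive policy for admin pages; call before any output is sent. */
function send_admin_csp(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
}

// Constructed sample inputs (not captured from a real system).
$samples = ['Agricultural', 'Residential (Plot)', '"><b>markup</b>', ''];

foreach ($samples as $raw) {
    $clean = validate_land_subtype($raw);
    if ($clean === null) {
        // Rejected input is still encoded before it is echoed in an error.
        printf("rejected: %s\n", h($raw));
        continue;
    }
    // Store $clean with a prepared statement, then encode when rendering.
    printf("<td>%s</td>\n", h($clean));
}
```

Validation narrows what is stored, but the encoding in `h()` at every output point is what stops stored markup from being interpreted, so it should also be applied to rows saved before the fix.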
CVE-2024-13077 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Land Record System version 1.0, allowing attackers to inject malicious scripts via the /admin/add-property.php file.
Yes, if you are running PHPGurukul Land Record System version 1.0, you are affected by this XSS vulnerability. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to PHPGurukul Land Record System version 1.0.1 or later. As a temporary workaround, implement input validation and sanitization on the Land Subtype field.
While no confirmed active campaigns have been reported, the public disclosure of the vulnerability increases the likelihood of exploitation by opportunistic attackers.
Refer to the PHPGurukul website or security advisories for the official advisory regarding CVE-2024-13077 and the Land Record System.