Platform
php
Component
land-record-system
Fixed in
1.0.1
CVE-2024-13081 is a cross-site scripting (XSS) vulnerability in PHPGurukul Land Record System version 1.0. An attacker who can set the 'Page Description' parameter handled by /admin/contactus.php can submit markup that the application later renders into its HTML without adequate encoding, so attacker-supplied script executes in the browser of anyone who views the affected page. A fix is available in version 1.0.1.
Successful exploitation of CVE-2024-13081 lets an attacker run arbitrary JavaScript in the Land Record System's web interface under the origin of the application. Typical consequences are session hijacking, defacement of the administrative panel, and redirection of users to phishing pages; depending on who views the injected content, the script can read or change whatever that user's session can reach, including credentials entered on the page and land records. Because the injection point sits in the administrative panel, reaching it normally requires admin-level access, which limits who can plant the payload and is consistent with the LOW CVSS rating on this page. The ceiling of the impact is acting with the privileges of the administrator whose browser runs the script, not direct server or database access.
CVE-2024-13081 has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on sensitive data warrant attention. No known active campaigns targeting this vulnerability have been reported as of the publication date. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-13081 is to upgrade to version 1.0.1 of PHPGurukul Land Record System. If upgrading is not immediately feasible, encode the 'Page Description' value at the point where it is rendered into HTML (in PHP, htmlspecialchars with ENT_QUOTES and an explicit UTF-8 charset) and validate it on input in /admin/contactus.php, for example by rejecting values that contain markup or exceed a sensible length. Merely stripping tags from the input is weaker than output encoding: it is easy to bypass and does nothing for values that are already stored. A web application firewall (WAF) tuned to block common XSS payloads adds a temporary layer of protection but is not a substitute for the fix. Regularly review the system's security configuration to minimise its attack surface. After upgrading, confirm the issue is resolved by submitting a harmless marker payload (for example a string containing an HTML tag) to the 'Page Description' field and checking that the page source shows it HTML-encoded rather than as live markup.
Update to 1.0.1 or, where that is not yet possible, encode the 'Page Description' value wherever the application renders it and validate it on input, so that markup supplied through /admin/contactus.php can no longer execute. If neither the patch nor the code change can be applied, disable or remove the editable description until it can.
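The following is an added example written for this page, not code from PHPGurukul or from the Land Record System, to show the difference between the vulnerable rendering pattern behind CVE-2024-13081 and the hardened one. The application's real form field, column names and templates are not known here; the sample 'Page Description' value and the function names are constructed for illustration.

```php
<?php
// Added example for CVE-2024-13081 (not PHPGurukul code). Shows how a stored
// "Page Description" becomes XSS when echoed raw, and how output encoding fixes it.
// Field/variable names are assumptions; the sample payload is constructed.
declare(strict_types=1);

// Constructed sample: what an attacker might save as the Page Description.
$storedPageDescription = '<img src=x onerror="alert(document.cookie)">Contact us';

// Vulnerable pattern: the stored value is concatenated straight into the markup,
// so any HTML or JavaScript it contains runs in the browser of whoever views it.
function renderVulnerable(string $description): string
{
    return '<div class="page-desc">' . $description . '</div>';
}

// Hardened helper: encode for the HTML-body and attribute contexts.
// ENT_QUOTES encodes both ' and " so the same helper is safe inside quoted
// attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an
// empty string (which would silently drop the content and hide bugs).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(string $description): string
{
    return '<div class="page-desc">' . h($description) . '</div>';
}

// Input-side check for /admin/contactus.php: the field is plain text, so reject
// anything that parses as markup and cap the length. Defence in depth only;
// output encoding above is the actual fix, because stored values bypass this.
function isValidPageDescription(string $value): bool
{
    return mb_strlen($value, 'UTF-8') <= 500
        && $value === strip_tags($value);
}

echo "Vulnerable output (script runs in the viewer's browser):\n";
echo renderVulnerable($storedPageDescription), "\n\n";

echo "Hardened output (markup shown as text):\n";
echo renderHardened($storedPageDescription), "\n\n";
// Expected: &lt;img src=x onerror=&quot;alert(document.cookie)&quot;&gt;Contact us

echo 'Would the input validator accept this value? ';
echo isValidPageDescription($storedPageDescription) ? "yes\n" : "no\n";
```

Run it with `php example.php`. The encoder shown is correct only for values placed in HTML text or quoted attributes; if the description is ever written into a `<script>` block, a URL, or inline CSS, that context needs its own encoding (for example `json_encode` for JavaScript data), and a single `htmlspecialchars` call is not sufficient.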
CVE-2024-13081 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Land Record System version 1.0, allowing attackers to inject malicious scripts through the 'Page Description' parameter of /admin/contactus.php.
You are affected if you are using PHPGurukul Land Record System version 1.0. Check your version and upgrade if necessary.
Upgrade to version 1.0.1. As a temporary workaround, HTML-encode the 'Page Description' value wherever it is rendered and validate it on input in /admin/contactus.php.
While no active campaigns are currently confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the PHPGurukul website or security mailing lists for the official advisory regarding CVE-2024-13081.