Platform: php
Component: land-record-system
Fixed in: 1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Land Record System version 1.0. This vulnerability allows attackers to inject malicious scripts into the application via manipulation of the Admin Name parameter within the /admin/admin-profile.php file. The vulnerability is exploitable remotely and has been publicly disclosed. A patch is available in version 1.0.1.
Successful exploitation of CVE-2024-13083 allows an attacker to execute arbitrary JavaScript code in the context of a user's browser session. This can lead to session hijacking, credential theft, and defacement of the Land Record System's administrative interface. The attacker could potentially gain unauthorized access to sensitive land record data or modify system configurations. The impact is amplified if the administrative interface is used to manage critical data or processes, as an attacker could leverage this vulnerability to gain broader control over the system.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. There are currently no known active campaigns targeting this specific vulnerability, but the availability of a public exploit increases the risk. The CVSS score of 3.5 (LOW) reflects limited severity, but proactive mitigation is still recommended.
Exploit Status
EPSS: 0.13% (32nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-13083 is to upgrade to version 1.0.1 of PHPGurukul Land Record System. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the Admin Name field to prevent malicious script injection. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and update security configurations to minimize the attack surface.
Update to a patched version of the software. If no version is available, review the code in `/admin/admin-profile.php` and ensure that user input in the `Admin Name` parameter is escaped for the HTML context in which it is output, so that it cannot be interpreted as markup or script. Consider temporarily disabling the functionality until a fix can be applied.
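As an added illustration of the escaping step above (example code, not PHPGurukul's own; the function names, the form field name and the validation rule are assumptions), here is the unsafe reflection pattern beside its hardened form in PHP:

```php
<?php
// Added example, not code from PHPGurukul Land Record System. It assumes a
// profile page that echoes the stored admin name back into an HTML form
// field; the function and field names are hypothetical.

// Reflecting stored input without escaping is the pattern behind stored XSS:
// whatever was saved as the admin name is emitted as HTML markup verbatim.
function render_admin_name_unsafe(string $adminName): string
{
    return '<input type="text" name="adminname" value="' . $adminName . '">';
}

// Hardened form: encode for the HTML attribute context. ENT_QUOTES encodes both
// quote styles so the value cannot terminate the attribute; ENT_SUBSTITUTE
// avoids returning an empty string on invalid UTF-8.
function render_admin_name_safe(string $adminName): string
{
    $encoded = htmlspecialchars($adminName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="adminname" value="' . $encoded . '">';
}

// Defence in depth on the input side: accept only a plausible name before it is
// stored. The allowed character class is an assumption about what the field
// should hold (letters, marks, spaces, dots, apostrophes, hyphens).
function validate_admin_name(string $adminName): ?string
{
    $trimmed = trim($adminName);
    if ($trimmed === '' || mb_strlen($trimmed, 'UTF-8') > 100) {
        return null;
    }
    if (!preg_match('/^[\p{L}\p{M} .\'-]+$/u', $trimmed)) {
        return null;
    }
    return $trimmed;
}

// Constructed sample input: a name containing markup characters and quotes.
$sample = '<b>Admin</b> "O\'Brien"';

echo "Unsafe: " . render_admin_name_unsafe($sample) . PHP_EOL;
// Unsafe: <input type="text" name="adminname" value="<b>Admin</b> "O'Brien"">

echo "Safe:   " . render_admin_name_safe($sample) . PHP_EOL;
// Safe:   <input type="text" name="adminname" value="&lt;b&gt;Admin&lt;/b&gt; &quot;O&#039;Brien&quot;">

var_dump(validate_admin_name($sample));        // NULL: markup characters rejected
var_dump(validate_admin_name("Mary O'Brien")); // string(12) "Mary O'Brien"
```

Output encoding is the fix that closes the vulnerability; the validation routine only narrows what reaches storage and is not a substitute for escaping at the point of output.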
CVE-2024-13083 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Land Record System version 1.0, allowing attackers to inject malicious scripts.
You are affected if you are running PHPGurukul Land Record System version 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1 of PHPGurukul Land Record System. As a temporary workaround, implement input validation and sanitization on the Admin Name field.
While there are no confirmed active campaigns, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the PHPGurukul website or security mailing lists for the official advisory regarding CVE-2024-13083.