CVE-2024-30989

2024-04-1700:00:00

mitre

www.cve.org

cve-2024-30989

php

mysql

arbitrary code execution

parameter tampering

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the “cname”, “comname”, “state” and “city” parameter.

References

medium.com/%40shanunirwan/cve-2024-30989-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3cfa1c54e4a6