NVD disclosure day

Published threat advisories for October 31, 2024

CVE advisoryCRITICAL

CVE-2024-51065

Phpgurukul Beauty Parlour Management System SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in the Phpgurukul Beauty Parlour Management System that could allow unauthorized access to sensitive data and impact system operations. This issue could enable an unauthenticated attacker to manipulate database queries through the username parameter on the admin login page. Its reac

CVE advisoryCRITICAL

CVE-2024-51064

Phpgurukul Teachers Record Management System SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability exists in Phpgurukul Teachers Record Management System. If reachable, unauthenticated attackers could exploit this flaw to access, modify, or delete sensitive data. Confirming its presence and exposure in your environment is crucial.

CVE advisoryCRITICAL

CVE-2024-51063

Phpgurukul Teachers Record Management System SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in Phpgurukul Teachers Record Management System, allowing an unauthenticated attacker to access or modify sensitive data by sending malicious input to the add-teacher.php page. This could compromise teacher records and database integrity if the system is exposed.

CVE advisoryCRITICAL

CVE-2024-51060

Projectworlds Online Admission System SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

The Projectworlds Online Admission System has a critical SQL injection vulnerability in its `index.php` file via the `a_id` parameter. This could allow unauthenticated attackers to access or modify sensitive data. Confirmation is needed to determine if this system is used in your environment.