CVE-2024-30998
Published: 03 April 2024
Summary
CVE-2024-30998 is a critical-severity SQL Injection (CWE-89) vulnerability in PHPGurukul Men Salon Management System. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 5.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-30998 is a SQL injection vulnerability, tracked under CWE-89, that affects PHPGurukul Men Salon Management System version 2.0. The flaw resides in the index.php component and is triggered through the email parameter, enabling manipulation of database queries.
Remote attackers can exploit the issue over the network without authentication or user interaction. Successful exploitation allows arbitrary code execution and disclosure of sensitive information, consistent with the CVSS 9.8 rating, which reflects complete confidentiality, integrity, and availability impact.
No official advisories or vendor patches are referenced in the available sources. The reported EPSS score of 0.1332 shows no material increase from its recorded peak.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-28916
Vulnerability details
SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.