CVE-2024-57686
Published: 10 January 2025
Summary
CVE-2024-57686 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Phpgurukul Land Record System. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 23.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Directly prevents XSS by filtering output to web pages, blocking execution of malicious scripts injected via the unsanitized pagetitle parameter.
Enforces input validation on parameters like pagetitle at system entry points, rejecting malicious XSS payloads before processing.
Restricts input to the pagetitle parameter to approved formats and lengths, limiting the feasibility of crafting effective XSS payloads.
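The three controls above, combined in an added example that is not code from PHPGurukul Land Record System: it validates a `pagetitle` value against an allow-list and length limit, then HTML-encodes it on output. The function names, the 100-character limit and the allowed character set are assumptions for illustration; it needs PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; not taken from the Land Record System source.
const PAGETITLE_MAX_LEN = 100; // assumed length limit
// Assumed allow-list: letters, digits, spaces and basic punctuation.
const PAGETITLE_PATTERN = '/\A[\p{L}\p{N} .,&\'()\-]+\z/u';

/** Input validation: returns the trimmed title, or null if it is rejected. */
function validate_pagetitle(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. an array submitted as pagetitle[]=...
    }
    $title = trim($raw);
    if ($title === '' || !mb_check_encoding($title, 'UTF-8')) {
        return null;
    }
    if (mb_strlen($title, 'UTF-8') > PAGETITLE_MAX_LEN) {
        return null;
    }
    return preg_match(PAGETITLE_PATTERN, $title) === 1 ? $title : null;
}

/** Output filtering: encode for HTML text and quoted-attribute contexts. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs, not taken from any real request.
$samples = [
    'Contact Us',
    'Smith & Sons (Land Office)',
    '<script>alert(1)</script>',
    str_repeat('A', 101),
    ['nested'],
];

foreach ($samples as $raw) {
    $title = validate_pagetitle($raw);
    $shown = is_string($raw) ? substr($raw, 0, 30) : gettype($raw);
    // Escape even validated values: '&' and "'" pass the allow-list
    // but still have to be encoded before they reach the page.
    printf("%-30s => %s\n", $shown, $title === null ? 'REJECTED' : html_escape($title));
}
```

Validation alone is not sufficient, because characters the allow-list legitimately accepts can still be significant in HTML, so the encoding step is applied at every point where the value is written into a page.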
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Reflected XSS in a public-facing web application (/admin/contactus.php) enables exploitation of public-facing applications (T1190) and facilitates stealing web session cookies via injected JavaScript (T1539).
NVD Description
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.
Deeper analysis (AI)
CVE-2024-57686 is a Cross-Site Scripting (XSS) vulnerability in PHPGurukul Land Record System version 1.0. The issue resides in the /landrecordsys/admin/contactus.php component, where the "pagetitle" parameter fails to properly sanitize user input. This allows remote attackers to inject malicious payloads, leading to the execution of arbitrary code. The vulnerability is associated with CWE-79 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical severity.
Any remote attacker can exploit this vulnerability without authentication, privileges, or user interaction, simply by crafting and sending a malicious request over the network to the vulnerable endpoint. Exploitation via the "pagetitle" parameter enables attackers to execute arbitrary code in the context of the victim's browser, potentially compromising confidentiality, integrity, and availability with high impact.
Advisories and mitigation details are available in community references, including a write-up PDF at https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/Reflected%20Cross%20Site%20Scripting.pdf and a notebook at https://github.com/lhRaMk7/notebook/blob/main/phar_rce. No official vendor patches or detailed mitigation steps are specified in the CVE publication dated 2025-01-10.
Details
- CWE(s)