CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2024-3085 – PHPGurukul Emergency Ambulance Hiring Portal Admin Login Page login.php sql injection
https://notcve.org/view.php?id=CVE-2024-3085
30 Mar 2024 — A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3084 – PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting
https://notcve.org/view.php?id=CVE-2024-3084
30 Mar 2024 — A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •