dovankha/CVE-2024-34224

Computer Laboratory Management System using PHP and MySQL 1.0

Submitter: Kha Do

Vulnerability

Cross Site Scripting

Description

A Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, and lastname parameters.

Affected component

Path URL: /php-lms/classes/Users.php?f=save

Parameters: firstname, middlename, lastname

POC

Enter the payload <script>alert(123)</script> into the firstname parameter and save it. [Screenshot: Firstname]

After saving, a pop-up window like the following appears: [Screenshot: Firstname_Popup]
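
One way to close this class of bug, shown as an added example and not taken from the application's source: validate the three name parameters when they are saved, and HTML-encode them wherever they are rendered. The helper names `e` and `validate_names` and the allowed-character policy are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and policy are assumptions, not the application's code.

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate firstname, middlename and lastname before they reach the database.
 * Returns [accepted values, error messages keyed by field].
 */
function validate_names(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (['firstname', 'middlename', 'lastname'] as $field) {
        $value = trim((string)($input[$field] ?? ''));
        // Assumed policy: middlename is optional.
        if ($value === '' && $field === 'middlename') {
            $clean[$field] = '';
            continue;
        }
        // Assumed policy: starts with a letter; letters, marks, space, dot,
        // apostrophe and hyphen only; at most 100 characters.
        if (!preg_match("/^[\p{L}\p{M}][\p{L}\p{M} .'\-]{0,99}$/u", $value)) {
            $errors[$field] = 'invalid characters or length';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample request: the payload from the POC plus a legitimate name.
$post = ['firstname' => '<script>alert(123)</script>', 'middlename' => '', 'lastname' => "O'Brien"];

[$clean, $errors] = validate_names($post);
print_r($errors);

// Output encoding is the primary control: it also covers values stored before
// validation existed, because the markup is emitted as inert text.
echo '<td>' . e($post['firstname']) . '</td>', PHP_EOL;
echo '<td>' . e($post['lastname']) . '</td>', PHP_EOL;
```

Encoding has to be applied at every place the stored names are echoed into HTML, since the injected value persists in the database after it is saved.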
