CVE-2024-13080 in Land Record System
Summary
by MITRE • 12/31/2024
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/30/2025
The vulnerability identified as CVE-2024-13080 resides within the PHPGurukul Land Record System version 1.0, a web application designed for managing land records and related administrative functions. This system falls under the category of web-based applications that handle sensitive governmental or administrative data, making it a potentially attractive target for cyber adversaries seeking to exploit weaknesses in public sector digital infrastructure. The vulnerability is classified as problematic due to its potential for remote code execution and data manipulation capabilities.
The technical flaw manifests specifically within the /admin/aboutus.php file where the Page Description parameter is improperly handled, creating a cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This vulnerability stems from inadequate input validation and output sanitization mechanisms that fail to properly escape or encode user-supplied data before rendering it within the web application's interface. The flaw directly corresponds to CWE-79, which represents Cross-Site Scripting vulnerabilities in web applications, and aligns with ATT&CK technique T1566.001 for Initial Access through Spearphishing Attachment, as attackers could leverage this vulnerability to deliver malicious payloads through crafted web content.
The operational impact of this vulnerability extends beyond simple script injection, as it enables attackers to perform various malicious activities including session hijacking, credential theft, and redirection to malicious sites. Remote exploitation capabilities mean that attackers do not require physical access to the system or network, allowing them to target users from anywhere on the internet. The public disclosure of the exploit increases the risk profile significantly, as it provides threat actors with readily available tools and techniques to compromise affected systems. This vulnerability particularly threatens the integrity and confidentiality of the land record management system, potentially exposing sensitive property data, user credentials, and administrative functions to unauthorized access.
Mitigation strategies should include immediate input validation and output encoding implementations that sanitize all user-supplied data before processing or display within the application. The system administrators should implement proper Content Security Policy headers to prevent execution of unauthorized scripts and establish regular security audits to identify similar vulnerabilities across the application codebase. Updates to the PHPGurukul Land Record System should be prioritized to address this vulnerability, while also implementing web application firewalls and monitoring systems to detect and prevent exploitation attempts. Organizations utilizing this system should also consider implementing principle of least privilege access controls and regular security training for administrators to reduce the potential impact of successful exploitation attempts.