| 제목 | PHPGurukul Rail Pass Management System V1.0 Cross Site Scripting |
|---|
| 설명 | During the security assessment of "Rail Pass Management System", I detected a critical Cross-Site Scripting vulnerability in the "/rpms/contact.php" file. This vulnerability is attributed to the insufficient sanitization and validation of user input for the "name" parameter. This inadequacy enables attackers to inject malicious JavaScript payloads that execute within the context of the application domain. When attackers send the evil payload to admin as the contact information ,then, when admin look through the others' contact information in "/rpms/admin/unreadenq.php" behind the admin back-end management, the admin-cookie and admin-password is stolen by attackers.Consequently, attackers can compromise user accounts, steal sensitive information, and manipulate application functionality. Immediate corrective actions are essential to safeguard user security and maintain trust. |
|---|
| 원천 | ⚠️ https://github.com/kakalalaww/CVE/issues/12 |
|---|
| 사용자 | kakalalaww (UID 86294) |
|---|
| 제출 | 2025. 06. 08. AM 10:52 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 06. 15. PM 12:33 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 312595 [PHPGurukul Rail Pass Management System 1.0 /contact.php 이름 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|