An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php
The attacker exploits improper privilege management (CWE-269) in the application's index.php file. Lack of proper access level verification enables execution of operations reserved for privileged users without prior authentication. The attack vector is network-based, requires no privileges or user interaction, which significantly lowers the barrier to entry for the attacker.
An attacker can gain unauthorized access to the system's administrative functions, leading to complete compromise of the confidentiality, integrity, and availability of the application and stored data.
Security patches available from the vendor should be applied according to references. Until the fix is deployed, it is recommended to restrict application access only to trusted networks or implement an additional authentication layer at the web server level (e.g., through a firewall or reverse proxy).
PHPGurukul Online Library Management System v3.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpgurukul Online Library Management System
APPPhpgurukul3.0
Related vulnerabilities
Eskalacja uprawnień w Phpgurukul Online Library Management System v.3.0
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Manag...
A vulnerability, which was classified as critical, was found in PHPGurukul Online Library Management System 3....
A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problemati...
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problema...