CVE-2024-55099

CRITICAL

phpgurukul Online Nurse Hiring System v1.0 - SQL Injection via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55099. PoCs published by ugurkarakoc1.

AI-analyzed exploit summary This repository provides a proof-of-concept for CVE-2024-55099, demonstrating SQL injection in the 'username' parameter of the Online Nurse Hiring System v1.0. The PoC includes SQLmap commands and payloads for time-based blind and UNION-based SQL injection attacks.

Description

A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.

Exploits (1)

nomisec WORKING POC
by ugurkarakoc1 · poc
https://github.com/ugurkarakoc1/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-

This repository provides a proof-of-concept for CVE-2024-55099, demonstrating SQL injection in the 'username' parameter of the Online Nurse Hiring System v1.0. The PoC includes SQLmap commands and payloads for time-based blind and UNION-based SQL injection attacks.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Online Nurse Hiring System v1.0
No auth needed
Prerequisites: Access to the vulnerable application · SQLmap tool
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0100
EPSS Percentile 58.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
phpgurukul/online_nurse_hiring_system 1.0
Published Dec 12, 2024
Tracked Since Feb 18, 2026