CVE-2024-55099

CRITICAL

Phpgurukul Online Nurse Hiring System - SQL Injection

Title source: rule

Description

A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.

Exploits (1)

nomisec WORKING POC

by ugurkarakoc1 · poc

https://github.com/ugurkarakoc1/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-username.pdf

[Exploit, Third Party Advisory] https://github.com/kuzgunaka/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-

Scores

CVSS v3 9.8

EPSS 0.1656

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/online_nurse_hiring_system 1.0

Published Dec 12, 2024

Tracked Since Feb 18, 2026