CVE-2024-57175

5.4 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in PHPGURUKUL Online Birth Certificate System v1.0 allows an authenticated user to inject script via the profile name field of the certificate form. The payload is saved with the record and executes in the browser of anyone who later views the affected certificate, administrators included, enabling session hijacking, credential theft, or defacement of the page. Organizations running this specific version of the birth certificate system are affected.

💻 Affected Systems

Products:
  • PHPGURUKUL Online Birth Certificate System
Versions: v1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable form ships in the default installation; any deployment that exposes the web interface is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An administrator views a certificate carrying the payload; the script runs in the admin session, steals the session cookie or credentials, and the attacker gains full control of the application and all stored birth certificate data.

🟠 Likely Case

Attackers hijack the sessions of users who view the injected certificate, harvest the personal data shown on those pages, or redirect those users to malicious sites.

🟢 If Mitigated

With output encoding at every point the stored name is rendered, backed by input validation, the payload is displayed as inert text and normal system functionality is unaffected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Injecting the payload requires an account that can submit the certificate form and is a single form submission; triggering it requires a victim, ideally an administrator, to view the affected certificate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Encode the stored profile name at every point it is rendered into HTML (htmlspecialchars with ENT_QUOTES and an explicit charset). This is the actual fix: a stored XSS payload fires when the value is output, not when it is submitted.
2. Validate the profile name on input (length, character set, no control characters) as defence in depth, not as the sole control.
3. Apply the same output encoding to every other user-controlled value the application renders.

🔧 Temporary Workarounds

Input Validation Filter

Add server-side validation to reject or sanitize HTML/JavaScript in the profile name field.

Modify /user/certificate-form.php so the submitted value is encoded before it is stored, e.g. htmlspecialchars($_POST['profile_name'], ENT_QUOTES, 'UTF-8')

Caveat: this encodes on input rather than on output. It does nothing for records that already hold a payload (clean those in the database), and if output encoding is added later the two passes double-encode legitimate names such as O'Brien. Treat it as a stopgap until the rendering code is fixed.
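The fix described above, as an added example in PHP (not PHPGurukul's code): input validation that stores the raw value, output encoding at every rendering point, and a self-check with constructed payloads. It assumes the form field is named profile_name and that the saved name is printed both as body text and inside an input value attribute; the function names are illustrative.

```php
<?php
// Added example, not vendor code. Assumes a form field "profile_name" whose
// stored value is later printed as body text and inside an <input value="">.
// Requires the mbstring extension for the mb_* calls.
declare(strict_types=1);

// --- 1. Input validation (defence in depth, not the fix itself) ----------
// Reject values that cannot be a person's name; do NOT strip or encode HTML
// here, the raw value is what gets stored.
function validate_profile_name(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || !mb_check_encoding($name, 'UTF-8')) {
        return null;
    }
    if (mb_strlen($name, 'UTF-8') > 100 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    return $name;
}

// --- 2. Output encoding (the actual fix) ----------------------------------
// ENT_QUOTES encodes both ' and " so the value cannot break out of an
// attribute; ENT_SUBSTITUTE replaces invalid byte sequences instead of
// returning "" (which would silently blank the field).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable rendering: the stored name is concatenated straight into HTML.
function render_certificate_vulnerable(string $storedName): string
{
    return '<h2>Name: ' . $storedName . '</h2>'
         . '<input type="text" name="profile_name" value="' . $storedName . '">';
}

// Hardened rendering: every interpolation of user data goes through e().
function render_certificate_fixed(string $storedName): string
{
    return '<h2>Name: ' . e($storedName) . '</h2>'
         . '<input type="text" name="profile_name" value="' . e($storedName) . '">';
}

// --- 3. Self-check with constructed payloads ------------------------------
$payloads = [
    '<script>alert(1)</script>',      // body-context payload from the advisory
    '" autofocus onfocus="alert(1)',  // attribute-context payload, no <script> tag
    "O'Brien-Nguyen",                 // legitimate name containing an apostrophe
];

$dangerous = '/<script|onfocus="/i';  // markers of a live payload in the output
foreach ($payloads as $p) {
    $vuln  = preg_match($dangerous, render_certificate_vulnerable($p)) ? 'EXPLOITABLE' : 'inert';
    $fixed = preg_match($dangerous, render_certificate_fixed($p)) ? 'STILL EXPLOITABLE' : 'neutralised';
    printf("%-32s vulnerable=%-12s fixed=%s\n", $p, $vuln, $fixed);
}

// Why the input-side htmlspecialchars workaround alone is not enough: encoding
// on save and again on output double-encodes legitimate data.
echo e(htmlspecialchars("O'Brien", ENT_QUOTES, 'UTF-8')), "\n"; // O&amp;#039;Brien
```

Run it with php from the command line. The second payload matters: a filter that only strips <script> tags leaves it intact, while ENT_QUOTES turns its double quote into &quot; so it can never close the value attribute.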

Content Security Policy

Implement CSP headers to restrict script execution. With script-src 'self' and no 'unsafe-inline', the browser refuses to run inline <script> blocks and inline event handlers injected through the name field; the server-side fix is still required, as CSP only limits what a successful injection can do.

Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to PHP (before any output is sent): header("Content-Security-Policy: default-src 'self'; script-src 'self'");

Caveat: if the application's own pages use inline scripts or inline event handlers, this policy breaks them. Deploy it first as Content-Security-Policy-Report-Only, review the violation reports, then switch to the enforcing header.

🧯 If You Can't Patch

  • Disable user profile name editing functionality
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

In a test instance, enter <script>alert('XSS')</script> in the profile name field, submit the certificate form, then view the certificate: an alert dialog means the stored value is rendered without encoding. Also try an attribute-breaking payload such as " onmouseover="alert(1), which needs no <script> tag and is missed by filters that only strip tags.

Check Version:

Check system documentation or admin panel for version information

Verify Fix Applied:

Submit the same payloads again and confirm in the page source that they are encoded (e.g. &lt;script&gt;, &quot;) and that no dialog appears. Also open certificates created before the fix: records that already hold a payload must now render as inert text, otherwise only the input path was changed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual profile name entries containing script tags or JavaScript code
  • Multiple failed validation attempts on certificate form

Network Indicators:

  • HTTP requests with script payloads in POST data to /user/certificate-form.php

SIEM Query (pseudo-syntax; adapt to your platform):

source="web_logs" AND uri="/user/certificate-form.php" AND method="POST" AND (post_data CONTAINS "<script" OR post_data CONTAINS "%3Cscript" OR post_data CONTAINS "javascript:" OR post_data MATCHES "on[a-z]+=")

Caveat: ordinary Apache and Nginx access logs do not record POST bodies, so this query only works where a WAF, reverse proxy, or application-level logging captures request bodies. Match case-insensitively and against the URL-decoded body, since <SCRIPT> and %3Cscript%3E reach the application as the same payload.
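The detection logic above, run over constructed log lines as an added example (not part of the advisory). It assumes a reverse proxy or WAF that records the raw POST body in a simple "method path body" line format, which is an assumption for illustration only; the sample lines are constructed, not real traffic.

```php
<?php
// Added example, not part of the advisory or the vendor's code.
// Assumed log layout: "METHOD PATH BODY" with the body still URL-encoded.
declare(strict_types=1);

// Constructed sample lines (not real traffic).
const SAMPLE_LINES = [
    'POST /user/certificate-form.php profile_name=Jane+Doe&dob=2001-04-05',
    'POST /user/certificate-form.php profile_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E',
    'POST /user/certificate-form.php profile_name=%22+onmouseover%3D%22alert%281%29',
    'POST /user/certificate-form.php profile_name=%3CIMG+SRC%3Djavascript%3Aalert%281%29%3E',
    'POST /user/certificate-form.php profile_name=%3Cscr%3Cscript%3Eipt%3E',
    'GET /user/certificate-form.php',
];

// Patterns applied to the decoded field value. The "<script>" and
// "javascript:" strings from the SIEM query are kept but made
// case-insensitive and extended to event-handler attributes and to the
// tag-nesting evasion "<scr<script>ipt>" that defeats single-pass strippers.
const XSS_PATTERNS = [
    'script_tag'    => '/<\s*script\b/i',
    'event_handler' => '/\bon[a-z]+\s*=/i',
    'js_uri'        => '/javascript\s*:/i',
    'any_tag'       => '/<\s*[a-z!\/]/i',  // a name field should never carry a tag
];

// Returns null for benign or irrelevant lines, otherwise the decoded value
// and the pattern labels it matched.
function classify_line(string $line): ?array
{
    if (!preg_match('/^(\w+) (\S+)(?: (.*))?$/', $line, $m)) {
        return null;
    }
    [, $method, $path] = $m;
    $body = $m[3] ?? '';
    if ($method !== 'POST' || $path !== '/user/certificate-form.php') {
        return null;
    }
    parse_str($body, $fields);                     // one URL-decode pass
    $name = urldecode((string)($fields['profile_name'] ?? '')); // second pass: double-encoded payloads
    $hits = [];
    foreach (XSS_PATTERNS as $label => $re) {
        if (preg_match($re, $name)) {
            $hits[] = $label;
        }
    }
    return $hits ? ['value' => $name, 'matched' => $hits] : null;
}

foreach (SAMPLE_LINES as $line) {
    $alert = classify_line($line);
    if ($alert === null) {
        printf("ok     %s\n", $line);
    } else {
        printf("ALERT  %s [%s]\n", $alert['value'], implode(',', $alert['matched']));
    }
}
```

The first and last sample lines stay quiet; the other four raise alerts with the labels that fired. The event_handler pattern will also fire on a legitimate name containing something like "on=", so tune it against your own traffic before paging on it.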
