CVE-2024-51225
Stored XSS in Phpgurukul Vehicle System /admin/add-brand.php
Publication date: 2026-03-23
Last updated on: 2026-03-24
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | vehicle_record_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-51225 is a stored cross-site scripting (XSS) vulnerability in the Phpgurukul Vehicle Record Management System version 1.0. It occurs in the admin interface, specifically in the /admin/add-brand.php component where the brandname parameter is accepted and stored without any sanitization.
The vulnerability is a second-order stored XSS, meaning the malicious payload is injected in one page (/admin/add-brand.php) and executed in another (/admin/add-vehicle.php). The stored brand name is rendered directly inside HTML option tags without encoding, allowing embedded JavaScript to execute when an admin visits the Add Vehicle page.
How can this vulnerability impact me?
This vulnerability allows attackers to execute arbitrary JavaScript in the context of authenticated admin users visiting the Add Vehicle page.
- Execution of malicious scripts can lead to session hijacking by stealing admin cookies.
- It can enable privilege escalation and potentially full admin account takeover.
- There is a supply chain risk if brand data is imported in bulk, potentially compromising all admins.
- The second-order nature of the XSS can bypass simple web application firewall (WAF) rules, making detection and prevention harder.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a second-order stored XSS affecting the brandname parameter in /admin/add-brand.php and executing in /admin/add-vehicle.php. Detection involves verifying if malicious scripts can be injected and later executed when rendering brand names.

A practical detection method is to attempt injecting a test payload such as `<script>alert('CVE-2024-51225')</script>` into the brandname field via the Add Brand page and then checking if the script executes on the Add Vehicle page.

For automated or manual checks, you can use web application testing tools or commands like curl to POST a payload and then fetch the page to see if the payload executes.

- Inject payload using curl: `curl -X POST -d "brandname=<script>alert('test')</script>&submit=Submit" https://target/admin/add-brand.php`
- Check execution by accessing the Add Vehicle page and observing if the alert triggers or if the payload appears unencoded in the HTML source.

Because this is a second-order XSS, network detection tools may not easily detect it; manual or scripted testing of the application interface is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying proper output encoding and input sanitization to prevent execution of malicious scripts.

- Modify the code that renders brand names in /admin/add-vehicle.php to use htmlspecialchars() or equivalent to encode output, for example: `echo '<option value="' . $row['id'] . '">' . htmlspecialchars($row['BrandName'], ENT_QUOTES, 'UTF-8') . '</option>';`
- Sanitize input on /admin/add-brand.php before storing it in the database, for example: `$brandname = htmlspecialchars(trim($_POST['brandname']), ENT_QUOTES, 'UTF-8');`
- Implement server-side validation to restrict brand names to alphanumeric characters and limited punctuation.
- Deploy Content Security Policy (CSP) headers to restrict script execution in the admin interface.

These steps will prevent malicious scripts from being stored and executed, mitigating the risk of session hijacking, privilege escalation, and admin takeover. [1]
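The mitigation answer above, worked through as an added PHP example (this is not Phpgurukul's own code): a whitelist validator for the brandname input, a prepared-statement insert, and an `<option>` renderer that encodes at output time so a value already sitting in the database cannot execute on the Add Vehicle page. The `$con` mysqli handle and the `tblbrands`/`BrandName` names are assumptions.

```php
<?php
// Added example, not the project's code. Table and column names are assumed.

// Server-side validation for /admin/add-brand.php: letters, digits, spaces and
// a small set of punctuation only, with a length bound. Reject rather than "clean".
function validate_brand_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9 .\'&-]+$/', $name)) {
        return null;
    }
    return $name;
}

// Output encoding for /admin/add-vehicle.php: encode when rendering, so whatever
// is stored cannot break out of the attribute or the <option> text.
function render_brand_option(int $id, string $brandName): string
{
    return '<option value="' . $id . '">'
        . htmlspecialchars($brandName, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</option>';
}

// Store the validated name with a bound parameter ($con is an assumed mysqli
// connection; tblbrands/BrandName are assumed names).
function store_brand(mysqli $con, string $raw): bool
{
    $name = validate_brand_name($raw);
    if ($name === null) {
        return false;
    }
    $stmt = $con->prepare('INSERT INTO tblbrands (BrandName) VALUES (?)');
    $stmt->bind_param('s', $name);
    return $stmt->execute();
}

// Constructed check using the page's own test payload as the brand name:
// validation rejects it, and a value that was stored before the fix is
// rendered as inert text instead of markup.
$payload = "<script>alert('CVE-2024-51225')</script>";
var_dump(validate_brand_name($payload) === null);
var_dump(validate_brand_name('Tata Motors') === 'Tata Motors');
echo render_brand_option(7, $payload), "\n";
```

Encoding at output rather than storing encoded data also avoids double-encoded names wherever the value is reused outside HTML (CSV exports, JSON APIs).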