CVE-2020-24862

7.5 HIGH

📋 TL;DR

CVE-2020-24862 is a time-based blind SQL injection vulnerability in Pharmacy Medical Store and Sale Point v1.0 that allows attackers to extract database information through the catID parameter in /medical/inventories.php. This affects all users running the vulnerable version of this PHP/MySQL application. Attackers can potentially retrieve sensitive data from the database.

💻 Affected Systems

Products:
  • Pharmacy Medical Store and Sale Point
Versions: v1.0
Operating Systems: Any OS running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of the software. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including sensitive medical/store data, customer information, credentials, and potential lateral movement to other systems.

🟠

Likely Case

Data exfiltration of database contents including product information, sales records, and potentially user credentials.

🟢

If Mitigated

Limited information disclosure if proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is in a web application component accessible via HTTP.
🏢 Internal Only: MEDIUM - Internal systems running this software remain vulnerable but have reduced attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB. Time-based blind SQL injection requires automated tools but is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch is available. Implement input validation and parameterized queries in the /medical/inventories.php file.
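One way to apply that guidance, as an added example that is not the application's own code: the catID value is validated as a bounded integer before use and then bound to a PDO prepared statement instead of being concatenated into SQL. The table and column names (inventories, cat_id), the connection settings and the $pdo variable are assumptions, not taken from the vulnerable application.

```php
<?php
// Added example (not the project's own code): hardened handling of the catID
// query parameter. Table/column names, DSN and credentials are assumptions.

declare(strict_types=1);

/**
 * Validate catID: the advisory describes it as a category identifier, so only
 * a bounded, unsigned integer string is accepted. Anything else is rejected
 * before it can reach the database layer.
 */
function validateCatId($raw): ?int
{
    if (!is_string($raw)) {          // catID[]=1 arrives as an array; reject it
        return null;
    }
    // ctype_digit rejects signs, whitespace, quotes and comment sequences outright.
    if ($raw === '' || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

function fetchInventoryByCategory(PDO $pdo, int $catId): array
{
    // The value is bound as a typed parameter, never spliced into the SQL text,
    // so the query structure cannot be altered regardless of input.
    $stmt = $pdo->prepare(
        'SELECT id, name, quantity, price FROM inventories WHERE cat_id = :cat_id'
    );
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request handling: invalid input gets a 400 instead of reaching the query.
$catId = validateCatId($_GET['catID'] ?? null);
if ($catId === null) {
    http_response_code(400);
    exit('Invalid catID');
}

// Assumed connection details; native prepared statements are enforced so the
// server, not the driver, handles parameter substitution.
$pdo = new PDO('mysql:host=localhost;dbname=medical;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$rows = fetchInventoryByCategory($pdo, $catId);
```

Failed validation should also be logged, since repeated rejections on this endpoint match the log indicators listed under Detection & Monitoring.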

🔧 Temporary Workarounds

Input Validation and Sanitization


Add server-side validation to ensure catID parameter contains only expected values

Edit /medical/inventories.php to validate catID parameter before use in SQL queries

Web Application Firewall (WAF)


Deploy WAF rules to block SQL injection patterns

Add WAF rule to block SQL injection patterns in catID parameter

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Test the /medical/inventories.php endpoint with SQL injection payloads in the catID parameter and observe whether response times are delayed

Check Version:

Check application version in source code or configuration files

Verify Fix Applied:

Test with SQL injection payloads and verify no time delays or database errors occur

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple requests with SQL-like patterns in catID parameter
  • Long response times from /medical/inventories.php

Network Indicators:

  • HTTP requests to /medical/inventories.php with SQL injection patterns in parameters
  • Unusual database query patterns from application server

SIEM Query:

source="web_logs" AND uri="/medical/inventories.php" AND (param="catID" AND value MATCHES "(?i)(SELECT|UNION|SLEEP|WAITFOR|BENCHMARK)")

🔗 References