CVE-2023-24726

9.8 CRITICAL

📋 TL;DR

Art Gallery Management System v1.0 contains a SQL injection vulnerability in the viewid parameter on the enquiry page. This allows attackers to execute arbitrary SQL commands on the database. Anyone running this specific version of the software is affected.

💻 Affected Systems

Products:
  • Art Gallery Management System
Versions: v1.0
Operating Systems: Any OS running PHP and MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific PHP/MySQL implementation from phpgurukul.com

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized data access, data exfiltration, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via GET parameter requires minimal technical skill to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Replace vulnerable code with parameterized queries or use alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and sanitization for the viewid parameter

Modify PHP code to use prepared statements: $stmt = $conn->prepare('SELECT * FROM enquiries WHERE id = ?'); $stmt->bind_param('i', $viewid);
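The vulnerable pattern beside the hardened one, as an added illustration of the prepared-statement fix above. This is example code, not phpgurukul's source: the table name enquiries and column id are assumed from the snippet above, the connection details are placeholders, and the vulnerable function is shown only so the difference is visible.

```php
<?php
// Added example (not the vendor's code). Assumptions: table `enquiries`,
// integer primary key `id`, mysqli with mysqlnd (needed for get_result()).

// --- Vulnerable pattern: the request value is concatenated into the SQL text ---
function vulnerableQuery(string $viewid): string
{
    // Whatever arrives in viewid becomes part of the statement, so a value such as
    // the page's test payload  1' OR '1'='1  changes the WHERE clause instead of
    // being compared as data. Never execute a query built this way.
    return "SELECT * FROM enquiries WHERE id = '" . $viewid . "'";
}

// --- Hardened pattern: validate the type first, then bind it as a parameter ---
function loadEnquiry(mysqli $conn, $rawViewid): ?array
{
    // viewid is a row id, so anything that is not a positive integer is rejected
    // before it reaches the database layer at all.
    $viewid = filter_var($rawViewid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($viewid === false) {
        http_response_code(400);
        return null;
    }

    // Prepared statement: the SQL text is fixed and the value travels separately,
    // so it can only ever be compared, never parsed as SQL.
    $stmt = $conn->prepare('SELECT * FROM enquiries WHERE id = ?');
    $stmt->bind_param('i', $viewid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Usage inside enquiry.php (placeholder credentials, not real values):
// $conn = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// $conn->set_charset('utf8mb4');
// $enquiry = loadEnquiry($conn, $_GET['viewid'] ?? '');
```

The integer check is worth keeping even with the prepared statement in place: it gives a clean 400 for malformed input and makes the "viewid is not a number" condition easy to log, which is also the cheapest detection signal for this parameter.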

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement strict network segmentation and monitor all database access attempts

🔍 How to Verify

Check if Vulnerable:

Test the enquiry page with SQL injection payloads like: /enquiry.php?viewid=1' OR '1'='1

Check Version:

Check PHP files for version comments or compare with original v1.0 source code

Verify Fix Applied:

Verify that parameterized queries are implemented and SQL injection payloads no longer work

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed parameter validation attempts
  • Suspicious database queries from web server

Network Indicators:

  • HTTP requests with SQL keywords in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND ("UNION SELECT" OR "OR '1'='1" OR "SQL syntax")
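A concrete form of the indicators above, as an added example that is not part of the advisory: a scanner that applies the SIEM query's keyword patterns to web server access-log lines and, because viewid is supposed to be a plain integer, also flags any non-numeric value for that parameter. The log lines and patterns are constructed for illustration.

```php
<?php
// Added example (not the advisory's or vendor's code). Log lines below are
// constructed; the one page-specific assumption is that viewid is numeric.

const SQLI_PATTERNS = [
    'union_select' => '/\bUNION\s+(ALL\s+)?SELECT\b/i',
    'or_tautology' => '/\bOR\s+\'?1\'?\s*=\s*\'?1/i',   // OR '1'='1, OR 1=1
    'sql_comment'  => '/(--|\/\*)/',
];

// Decode percent-encoding repeatedly so double-encoded values are inspected
// in their final form; bounded so pathological input cannot loop forever.
function fullyDecode(string $s): string
{
    for ($i = 0; $i < 3; $i++) {
        $d = urldecode($s);
        if ($d === $s) {
            break;
        }
        $s = $d;
    }
    return $s;
}

// Returns one hit per (line, parameter) that matches an indicator.
function scanAccessLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        // Common Log Format: the request line is the first quoted field.
        if (!preg_match('/"(?:GET|POST)\s+(\S+)\s+HTTP/', $line, $m)) {
            continue;
        }
        $query = parse_url($m[1], PHP_URL_QUERY);
        if ($query === null || $query === false) {
            continue;
        }
        parse_str($query, $params);   // parse_str already URL-decodes once
        foreach ($params as $name => $value) {
            if (!is_string($value)) {
                continue;
            }
            $value   = fullyDecode($value);
            $reasons = [];
            // Indicator 1: SQL keywords inside a request parameter (the SIEM query above).
            foreach (SQLI_PATTERNS as $label => $re) {
                if (preg_match($re, $value)) {
                    $reasons[] = $label;
                }
            }
            // Indicator 2: viewid must be digits only, so anything else is anomalous
            // even when no keyword pattern fires (catches encoded or novel payloads).
            if ($name === 'viewid' && !ctype_digit($value)) {
                $reasons[] = 'viewid_not_integer';
            }
            if ($reasons) {
                $hits[] = ['line' => $n + 1, 'param' => $name, 'value' => $value, 'reasons' => $reasons];
            }
        }
    }
    return $hits;
}

// Constructed sample log (RFC 5737 documentation addresses, fictional timestamps).
$sampleLog = [
    '203.0.113.10 - - [10/Feb/2023:12:00:01 +0000] "GET /enquiry.php?viewid=12 HTTP/1.1" 200 4123',
    '203.0.113.10 - - [10/Feb/2023:12:00:05 +0000] "GET /enquiry.php?viewid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8812',
    '203.0.113.10 - - [10/Feb/2023:12:00:09 +0000] "GET /enquiry.php?viewid=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Feb/2023:12:01:00 +0000] "GET /index.php HTTP/1.1" 200 2201',
];

foreach (scanAccessLog($sampleLog) as $hit) {
    printf("line %d: %s=%s [%s]\n", $hit['line'], $hit['param'], $hit['value'], implode(',', $hit['reasons']));
}
```

On the sample above only lines 2 and 3 are reported: line 2 for or_tautology and viewid_not_integer, line 3 for union_select and viewid_not_integer. The type-based rule is the one to rely on for this CVE; keyword matching alone misses payloads that avoid the listed strings and can false-positive on ordinary free-text parameters.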
