CVE-2023-46435

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the 'id' parameter in the Packers and Movers Management System. Attackers can potentially read, modify, or delete database contents, including sensitive user data. All users running the vulnerable version of this web application are affected.

💻 Affected Systems

Products:
  • Sourcecodester Packers and Movers Management System
Versions: v1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface endpoint mpms/?p=services/view_service via its id parameter

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠 Likely Case

Unauthorized data access including extraction of user credentials, personal information, and business data stored in the database.

🟢 If Mitigated

Limited impact with proper input validation and database permissions restricting attacker capabilities.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via URL parameter requires minimal technical skill to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries or strict input validation as a workaround.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Add server-side validation to ensure the 'id' parameter contains only numeric values before it reaches the query. Note that is_numeric() also accepts floats, exponent notation and leading whitespace, so an integer filter is the stricter check.

Add validation in PHP: if (filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT) === false) { http_response_code(400); die('Invalid input'); }

Web Application Firewall Rule

Platform: all

Block SQL injection patterns in the 'id' parameter

ModSecurity rule: SecRule ARGS:id "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the vulnerable system
  • Deploy a web application firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Test the vulnerable endpoint with SQL injection payload: mpms/?p=services/view_service&id=1' OR '1'='1

Check Version:

Check application version in admin panel or readme files

Verify Fix Applied:

Repeat the same request after applying the fix; a patched system should return a validation error or no data rather than a service record.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed parameter validation attempts

Network Indicators:

  • HTTP requests with SQL keywords in 'id' parameter
  • Unusual database query patterns

SIEM Query:

source="web_logs" AND (uri="*services/view_service*" AND (param="*id=*'*" OR param="*id=* OR *" OR param="*id=* UNION *"))
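The SIEM query above matches literal quote characters, but in web server access logs the id value usually arrives percent-encoded (a quote is %27, a space is %20 or +), so a decoding step is needed before the pattern check. As an added example (not code from the page or the project), the following Python parses combined-format access log lines, decodes the query string of each request to the view_service page, and flags any id value that is not a plain integer; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Nov/2023:10:01:02 +0000] "GET /mpms/?p=services/view_service&id=7 HTTP/1.1" 200 5120
10.0.0.9 - - [10/Nov/2023:10:01:09 +0000] "GET /mpms/?p=services/view_service&id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9431
10.0.0.9 - - [10/Nov/2023:10:01:15 +0000] "GET /mpms/?p=services/view_service&id=1+UNION+SELECT+1,2,3 HTTP/1.1" 500 210
10.0.0.7 - - [10/Nov/2023:10:02:00 +0000] "GET /mpms/?p=services/manage_service&id=3 HTTP/1.1" 200 4400
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The only legitimate shape for the id parameter: one or more ASCII digits.
INT_RE = re.compile(r'^[0-9]+$')


def suspicious_ids(log_text: str) -> list[dict]:
    """Return one record per view_service request whose id is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m['target']).query
        # parse_qs percent-decodes values and turns '+' into a space,
        # so encoded payloads are inspected in their decoded form.
        params = parse_qs(query)
        if params.get('p') != ['services/view_service']:
            continue
        for raw_id in params.get('id', []):
            if not INT_RE.match(raw_id):
                hits.append({'ip': m['ip'], 'ts': m['ts'],
                             'status': m['status'], 'id': raw_id})
    return hits


if __name__ == '__main__':
    for hit in suspicious_ids(SAMPLE_LOG):
        print(hit)
```

Only requests to the vulnerable page are inspected, so a non-integer id on another page is not reported; widen the page filter if other endpoints share the same pattern.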
