CVE-2023-50864

9.8 CRITICAL

📋 TL;DR

Travel Website v1.0 contains unauthenticated SQL injection vulnerabilities in the hotelDetails.php resource, allowing attackers to execute arbitrary SQL commands without authentication. This affects all deployments of Travel Website v1.0 that expose the vulnerable endpoint.

💻 Affected Systems

Products:
  • Travel Website
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Travel Website v1.0 are vulnerable by default. The hotelDetails.php endpoint must be accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case: Database information disclosure, session hijacking, and potential privilege escalation leading to unauthorized access to sensitive user data.

🟢 If Mitigated: Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via the hotelId parameter requires no authentication and can be exploited with basic SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.kashipara.com/

Restart Required: No

Instructions:

1. Check vendor website for updated version
2. Replace vulnerable hotelDetails.php file
3. Test functionality after update

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add server-side validation so that hotelDetails.php only accepts numeric values for the hotelId parameter.

Modify hotelDetails.php to include: if (!isset($_GET['hotelId']) || !is_numeric($_GET['hotelId'])) { die('Invalid input'); }

Note that is_numeric() also accepts floats and exponent notation such as 1e3; for an integer id, filter_var($_GET['hotelId'], FILTER_VALIDATE_INT) is stricter. Either check narrows the attack surface but does not replace parameterized queries in the underlying database code.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection protection rules in front of the application.

🧯 If You Can't Patch

  • Block external access to the hotelDetails.php endpoint at the network perimeter
  • Run the application with a database user that has minimal permissions (read-only if possible)

🔍 How to Verify

Check if Vulnerable:

Request hotelDetails.php?hotelId=1' OR '1'='1 and observe whether the application returns database errors or unexpected behavior.

Check Version:

Check Travel Website version in admin panel or configuration files

Verify Fix Applied:

Send the same request after the fix and confirm that the input is rejected or handled with a proper error.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in web server logs
  • Multiple rapid requests to hotelDetails.php with unusual parameters

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in hotelId parameter

SIEM Query:

source="web_logs" AND uri="*hotelDetails.php*" AND (query="*' OR*" OR query="*UNION*" OR query="*SELECT*" OR query="*--*" OR query="*;*" OR query="*/*")
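As an added example (not part of this advisory), a Python scanner that applies the same indicators to constructed access-log lines: it flags any hotelDetails.php request whose hotelId is not a plain integer, which is what the numeric-validation workaround above would reject, and names the SQL fragments from the SIEM query that the decoded value contains. The log lines, the RFC 5737 addresses and the combined-log regex are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# SQL fragments from the advisory's SIEM query. "/*" is matched as the literal
# comment opener; read with * as a wildcard, the query's "*/*" clause matches
# any slash at all and is far noisier.
SQLI_FRAGMENTS = ("' or", "union", "select", "--", ";", "/*")

# Combined log format (Apache/nginx): the request target sits in the quoted request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_request(target):
    """Return None if the request is benign, else (reason, decoded hotelId)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/hotelDetails.php"):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("hotelId", []):
        # parse_qs already decoded once; a second pass exposes double-encoded values.
        value = unquote_plus(raw)
        if re.fullmatch(r"\d{1,10}", value):
            continue  # a plain integer id, what the numeric-validation workaround accepts
        hits = [f for f in SQLI_FRAGMENTS if f in value.lower()]
        return ("sql-fragment:" + ",".join(hits) if hits else "non-numeric", value)
    return None

def scan_log(lines):
    """Yield (client ip, reason, decoded hotelId) for each suspicious request."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            verdict = classify_request(m.group("target"))
            if verdict:
                yield (m.group("ip"),) + verdict

# Constructed sample lines using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Jan/2024:12:00:01 +0000] "GET /hotelDetails.php?hotelId=42 HTTP/1.1" 200 5120',
    '203.0.113.10 - - [10/Jan/2024:12:00:05 +0000] "GET /hotelDetails.php?hotelId=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Jan/2024:12:00:09 +0000] "GET /hotelDetails.php?hotelId=1%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2024:12:00:11 +0000] "GET /hotelDetails.php?hotelId=abc HTTP/1.1" 200 80',
    '198.51.100.7 - - [10/Jan/2024:12:00:14 +0000] "GET /index.php?page=hotels HTTP/1.1" 200 2048',
]

for ip, reason, value in scan_log(SAMPLE_LOG):
    print(f"{ip} {reason} hotelId={value!r}")
```

The third sample line is double-URL-encoded, which a single-decode SIEM match on `' OR` would miss; the second decode pass is what catches it.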
