CVE-2023-51801

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Simple Student Attendance System v1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in student_form.php and class_form.php pages. Attackers can potentially read, modify, or delete database content, and in some configurations execute operating system commands. Any organization using this software is affected.

💻 Affected Systems

Products:
  • Simple Student Attendance System
Versions: v1.0
Operating Systems: Any OS running PHP and MySQL/MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PHP with MySQL/MariaDB database backend. All installations of v1.0 are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise including database destruction, remote code execution on the server, and lateral movement to other systems.

🟠 Likely Case

Database information theft (student records, credentials), data manipulation, and potential privilege escalation.

🟢 If Mitigated

Limited to database information disclosure if proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on GitHub. SQL injection is straightforward with no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Replace vulnerable code with parameterized queries
2. Implement input validation for id parameter
3. Escape all user inputs before database queries

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Applies to: all

Deploy WAF rules to block SQL injection patterns in the id parameter

Input Validation Filter

Applies to: all

Add PHP input validation to restrict the id parameter to numeric values only

if (!isset($_GET['id']) || !is_numeric($_GET['id'])) { die('Invalid input'); }
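The fix steps above (validate the id parameter, then bind it with a parameterized query) applied to the id lookup, as an added example that is not the project's own code; the `students` table, its integer `id` column, the PDO connection details and the handler shape are assumptions:

```php
<?php
// Added example, not code from Simple Student Attendance System.
// Assumed: a PDO connection $pdo and a `students` table with an integer `id` column.

// Vulnerable pattern (constructed illustration of the bug class in this advisory):
// the raw id parameter is concatenated into the SQL string, so the database
// parses attacker-controlled text as part of the statement.
function loadStudentUnsafe(PDO $pdo, string $id): ?array {
    $sql = "SELECT * FROM students WHERE id = '" . $id . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened version: reject anything that is not a positive integer (fix step 2),
// then bind the value with a prepared statement (fix step 1) so user input is
// never interpreted as SQL. Manual escaping (step 3) becomes unnecessary once
// the parameter is bound; validation still rejects malformed input early.
function loadStudentSafe(PDO $pdo, $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {           // also false when the parameter is missing (null)
        http_response_code(400);
        exit('Invalid input');
    }
    $stmt = $pdo->prepare('SELECT * FROM students WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumed handler shape for student_form.php / class_form.php.
$pdo = new PDO('mysql:host=localhost;dbname=attendance', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
]);
$student = loadStudentSafe($pdo, $_GET['id'] ?? null);
```

Disabling emulated prepares makes MySQL itself handle the parameter binding, so the query text sent to the server never contains the user-supplied value.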

🧯 If You Can't Patch

  • Isolate the system behind a reverse proxy with strict input validation
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Test student_form.php?id=1' OR '1'='1 and check for SQL errors or unexpected behavior

Check Version:

Check PHP files for version information or consult installation documentation

Verify Fix Applied:

Test with SQL injection payloads and verify they are rejected or properly handled

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in application logs
  • Unusual database queries with special characters in id parameter

Network Indicators:

  • HTTP requests with SQL injection patterns in id parameter
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (uri="*student_form.php*" OR uri="*class_form.php*") AND (query="*id=*'*" OR query="*id=*%27*")
