CVE-2023-7156

7.3 HIGH

📋 TL;DR

This SQL injection vulnerability in Campcodes Online College Library System 1.0 allows attackers to manipulate database queries through the category parameter in the search functionality. Remote attackers can potentially access, modify, or delete sensitive data in the database. All deployments of version 1.0 with the vulnerable search component are affected.

💻 Affected Systems

Products:
  • Campcodes Online College Library System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the search functionality in index.php when using the category parameter. No authentication required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized access to sensitive student/faculty data, grade manipulation, or system disruption through database corruption.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or limited data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available in referenced Medium article. SQL injection via category parameter requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

1. Check vendor website for updates
2. If no patch available, implement parameterized queries
3. Replace vulnerable index.php search code with secure implementation

🔧 Temporary Workarounds

Input Validation Filter

all

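Add input validation that rejects SQL metacharacters in the category parameter. This is a deny-list stopgap, not a replacement for parameterized queries: it also rejects legitimate category values that contain whitespace or hyphens, and it must reject non-string input (for example category[]=x), which preg_match() cannot check.

Add to index.php before processing category:

    $category = $_GET['category'] ?? '';
    // Reject arrays/missing values and any quote, semicolon, hyphen, slash, asterisk, equals sign or whitespace
    if (!is_string($category) || preg_match('/[\'";\-\/*=\s]/', $category)) { die('Invalid input'); }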

Web Application Firewall Rule

all

Block SQL injection patterns in category parameter

WAF rule: Block requests containing SQL keywords (SELECT, UNION, etc.) in category parameter

🧯 If You Can't Patch

  • Implement network segmentation to restrict database server access
  • Enable detailed logging of all search queries and monitor for SQL patterns

🔍 How to Verify

Check if Vulnerable:

Test search functionality with SQL injection payload in category parameter: ' OR '1'='1

Check Version:

Check system documentation or about page for version information

Verify Fix Applied:

Attempt SQL injection tests and verify they are rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed search attempts with special characters
  • Long or complex search queries

Network Indicators:

  • HTTP requests with SQL keywords in category parameter
  • Unusual database query patterns from web server

SIEM Query:

source="web_logs" AND (uri_query="*category=*SELECT*" OR uri_query="*category=*UNION*" OR uri_query="*category=*OR*1*" OR uri_query="*category=*--*")
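The wildcard query above matches raw URI text, so percent-encoded values can slip past it. The following added example (not part of the original advisory or the vendor's code) applies the same indicators after URL-decoding the category parameter; the combined access-log format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Indicators mirroring the SIEM query above, matched case-insensitively
# against the decoded value instead of the raw URI.
SQLI_RE = re.compile(
    r"['\";]|--|/\*|\b(?:select|union)\b|\bor\b\s*'?\d", re.IGNORECASE
)

def decode_fully(value, max_rounds=3):
    """Undo any remaining layers of percent-encoding (e.g. %2527 -> %27 -> ')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_category(log_line):
    """Return the decoded category value if it matches an indicator, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    # parse_qs performs the first round of decoding ('+' and %XX).
    for raw in parse_qs(query, keep_blank_values=True).get("category", []):
        value = decode_fully(raw)
        if SQLI_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = [(n, suspicious_category(line)) for n, line in enumerate(lines, 1)]
    return [(n, v) for n, v in hits if v is not None]

# Constructed sample entries (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php?category=Science+Fiction HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2024:10:00:07 +0000] "GET /index.php?category=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211',
    '203.0.113.9 - - [10/Jan/2024:10:00:09 +0000] "GET /index.php?category=x%2527%2520union%2520select%25201 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious category value {value!r}")
```

Category names that legitimately contain an apostrophe will also be flagged, so treat hits as leads to correlate with SQL errors and response sizes rather than as confirmed attacks.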

🔗 References
