CVE-2024-0474

7.3 HIGH

📋 TL;DR

This critical SQL injection vulnerability in Dormitory Management System 1.0 allows attackers to manipulate database queries through the username parameter in login.php. Attackers can potentially access, modify, or delete sensitive data including user credentials and personal information. Organizations using this software are affected.

💻 Affected Systems

Products:
  • code-projects Dormitory Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the login.php file specifically. Any installation with default configuration is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, authentication bypass, privilege escalation, and potential system takeover.

🟠 Likely Case: Unauthorized data access, credential theft, and potential authentication bypass allowing attackers to gain administrative access.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects login functionality, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories. SQL injection via username parameter requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Implement parameterized queries in login.php, validate and sanitize all user inputs, and consider replacing the application with secure software.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Add server-side validation and sanitization for the username parameter before it is used in SQL queries.

Modify login.php to use prepared statements with parameterized queries.
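
The prepared-statement change described above, shown beside the concatenated pattern it replaces. This is an added example and not the project's login.php: the users table, its columns and both function names are hypothetical, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, NOT the project's login.php. The users table, its columns and
// both function names are hypothetical; in-memory SQLite stands in for the DB.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$seed = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$seed->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Vulnerable pattern: the username becomes part of the SQL text itself.
function lookupConcatenated(PDO $db, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the username is bound as data and never parsed as SQL.
function login(PDO $db, string $username, string $password): bool
{
    // Length check is defence in depth only; the bound parameter is the fix.
    if ($username === '' || strlen($username) > 64) {
        return false;
    }
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    // The password is checked in PHP against a stored hash, not inside the SQL.
    return is_string($hash) && password_verify($password, $hash);
}

$probe = "admin' OR '1'='1";   // test string quoted under "How to Verify"

// Concatenated: the quote ends the literal and the OR clause matches every row.
var_dump(count(lookupConcatenated($db, $probe)) > 0);
// Bound: the probe is compared as a literal username and matches nothing.
var_dump(login($db, $probe, 'anything'));
// A legitimate login still succeeds after the change.
var_dump(login($db, 'admin', 'constructed-sample-pw'));
```

The last two calls double as a regression check for "Verify Fix Applied": the probe must be rejected while a valid credential pair is still accepted.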

Web Application Firewall Rules

Platform: all

Implement WAF rules to block SQL injection patterns in login requests.

Add WAF rule: Detect and block SQL keywords in the username parameter.

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation to limit database access from application servers

🔍 How to Verify

Check if Vulnerable:

Test login.php with SQL injection payloads in username field (e.g., admin' OR '1'='1)

Check Version:

Check software version in system configuration or about page

Verify Fix Applied:

Attempt SQL injection tests and verify they are rejected or properly handled

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL patterns
  • Successful logins from unusual IP addresses

Network Indicators:

  • HTTP POST requests to login.php containing SQL keywords
  • Unusual database query patterns from application server

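SIEM Query (requires the submitted username to be logged as a field; default web server access logs do not record POST bodies):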

source="web_logs" AND uri="/login.php" AND (username CONTAINS "' OR" OR username CONTAINS "--" OR username CONTAINS ";")
