CVE-2024-0479

7.3 HIGH

📋 TL;DR

This is a critical SQL injection vulnerability in Taokeyun's login function that allows attackers to execute arbitrary SQL commands by manipulating the username parameter in HTTP POST requests. Attackers can exploit this remotely to potentially access, modify, or delete database contents. All Taokeyun installations up to version 1.0.5 are affected.

💻 Affected Systems

Products:
  • Taokeyun
Versions: up to 1.0.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the login function in application/index/controller/m/User.php via HTTP POST requests.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data destruction, authentication bypass, or remote code execution if database permissions allow.

🟠 Likely Case: Unauthorized database access allowing extraction of sensitive user data, credentials, or application data.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept has been publicly disclosed, and exploitation requires no authentication: it is a simple SQL injection via the username parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

1. Check for an official patch from the Taokeyun developers.
2. If a patch is available, apply it following the vendor's instructions.
3. Verify the fix by testing the login functionality.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation for the username parameter to reject SQL special characters. Add input sanitization in application/index/controller/m/User.php before SQL execution. Treat this as a stop-gap only: character filtering can be bypassed, and the durable fix is a parameterized query in the login function.

WAF Rule (applies to: all)

Deploy web application firewall rules to block SQL injection patterns in login requests. Configure the WAF to detect and block SQL injection patterns in POST parameters, and make sure it inspects the URL-decoded request body so that encoded payloads are not missed.

🧯 If You Can't Patch

  • Implement parameterized queries or prepared statements in the login function
  • Restrict database user permissions to minimum required for application functionality

🔍 How to Verify

Check if Vulnerable:

Test the login endpoint with SQL injection payloads in the username parameter (e.g., admin' OR '1'='1).

Check Version:

Check the Taokeyun version in the application configuration or package files.

Verify Fix Applied:

Send SQL injection payloads to the login endpoint and verify that they are rejected or handled safely.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts with SQL special characters
  • Login attempts with unusually long usernames

Network Indicators:

  • HTTP POST requests to login endpoint containing SQL keywords (UNION, SELECT, etc.)
  • Abnormal database query patterns from application server

SIEM Query:

source="web_logs" AND uri="/login" AND (payload CONTAINS "' OR" OR payload CONTAINS "UNION" OR payload CONTAINS "SELECT")
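The SIEM query above matches literal uppercase keywords and raw quotes, so it misses URL-encoded or mixed-case payloads; the Python detector below is an added example (not from the original page or from Taokeyun) that applies the same idea case-insensitively after URL-decoding the POST body, run over constructed sample log lines. The log line format and the /login path are assumptions and should be adapted to your own log schema.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample web-server log lines (not real traffic). The assumed
# format is: METHOD URI body="<raw urlencoded POST body>".
SAMPLE_LOGS = [
    'POST /login body="username=alice&password=hunter2"',
    'POST /login body="username=admin%27+OR+%271%27%3D%271&password=x"',
    'POST /login body="username=bob%27+union+select+1%2C2--&password=x"',
    'POST /login body="username=o%27brien&password=pw"',
    'GET /search?q=select+the+best',
]

# Injection patterns, evaluated case-insensitively on the DECODED username.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\b", re.I),              # quote-terminated OR tautology
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    re.compile(r"\bselect\b.+\bfrom\b", re.I),
    re.compile(r"--|/\*"),                      # SQL comment terminators
]

LINE_RE = re.compile(r'^(?P<method>\w+) (?P<uri>\S+)(?: body="(?P<body>[^"]*)")?')


def parse_line(line):
    """Parse one log line into method, uri and URL-decoded POST parameters."""
    m = LINE_RE.match(line)
    if not m:
        return None
    params = {}
    for pair in (m.group("body") or "").split("&"):
        if "=" in pair:
            k, v = pair.split("=", 1)
            params[unquote_plus(k)] = unquote_plus(v)
    return {"method": m.group("method"), "uri": m.group("uri"), "params": params}


def is_suspicious_login(rec):
    """True for a POST to /login whose decoded username matches a pattern."""
    if rec is None or rec["method"] != "POST" or rec["uri"] != "/login":
        return False
    username = rec["params"].get("username", "")
    return any(p.search(username) for p in SQLI_PATTERNS)


def flag_lines(lines):
    """Return the log lines that should be raised as SQL injection alerts."""
    return [line for line in lines if is_suspicious_login(parse_line(line))]
```

The apostrophe in a legitimate name such as o'brien is not flagged, which is the false positive a bare "contains a quote" rule would produce.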
