CVE-2024-10022
📋 TL;DR
This critical SQL injection vulnerability in Pharmacy Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'text' parameter in the /php/manage_supplier.php?action=search endpoint. Organizations using this software are affected, particularly healthcare and pharmacy businesses that rely on this management system.
💻 Affected Systems
- Pharmacy Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to theft of sensitive patient data, prescription records, financial information, and potential system takeover.
Likely Case
Data exfiltration of pharmacy inventory, supplier details, and potentially patient information if stored in the same database.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-sensitive data.
🎯 Exploit Status
Public exploit available in GitHub gist, making this easily exploitable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
No official patch available. Consider migrating to alternative software or implementing workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add parameterized queries or proper input sanitization to the manage_supplier.php file
Modify /php/manage_supplier.php to use prepared statements, adapting the table and column names to the query actually in the file: $stmt = $conn->prepare('SELECT * FROM suppliers WHERE name LIKE ?'); $stmt->bind_param('s', $text); $stmt->execute(); $result = $stmt->get_result();
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection patterns
Add a ModSecurity rule (libinjection-based SQLi detection on the text parameter): SecRule ARGS:text "@detectSQLi" "id:1001,phase:2,deny,status:403"
🧯 If You Can't Patch
- Block external access to /php/manage_supplier.php via firewall rules
- Implement network segmentation to isolate the Pharmacy Management System from sensitive networks
🔍 How to Verify
Check if Vulnerable:
Test the endpoint with SQL injection payload: /php/manage_supplier.php?action=search&text=' OR '1'='1
Check Version:
Check software version in admin panel or readme files
Verify Fix Applied:
Attempt SQL injection after implementing fixes; payloads that previously succeeded should now return an error or no data
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in application logs
- Multiple requests to manage_supplier.php with special characters
- Database error messages containing SQL syntax
Network Indicators:
- HTTP requests with SQL keywords in parameters
- Unusual traffic patterns to the vulnerable endpoint
SIEM Query:
source="web_logs" AND uri="/php/manage_supplier.php" AND (query="*OR*" OR query="*UNION*" OR query="*SELECT*" OR query="*--*" OR query="*'*")
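As an added example that is not part of this advisory, the following Python script applies the same indicators as the SIEM query above to access-log lines: it isolates requests to /php/manage_supplier.php?action=search, decodes the text parameter, flags SQL keywords and quote characters, and lists source IPs that sent more than one flagged request. The log lines are constructed samples, and the Apache combined log format is an assumption.

```python
"""Flag probable SQL injection probes against manage_supplier.php in web access logs."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2024:10:01:02 +0000] "GET /php/manage_supplier.php?action=search&text=Northstar+Pharma HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Oct/2024:10:01:10 +0000] "GET /php/manage_supplier.php?action=search&text=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192 "-" "curl/8.4.0"
10.0.0.9 - - [12/Oct/2024:10:01:11 +0000] "GET /php/manage_supplier.php?action=search&text=a%27%20UNION%20SELECT%201%2C2%2C3-- HTTP/1.1" 500 311 "-" "curl/8.4.0"
10.0.0.7 - - [12/Oct/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')
VULN_PATH = "/php/manage_supplier.php"
# Same keyword set as the SIEM query; \b stops OR from matching inside ordinary words like "Northstar".
SQLI_RE = re.compile(r"'|--|\b(?:OR|UNION|SELECT)\b", re.IGNORECASE)

def suspicious_requests(log_text):
    """Return (ip, status, decoded text) for search requests whose text parameter looks injected."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != VULN_PATH:
            continue
        params = parse_qs(url.query)  # percent-decodes values and turns '+' into spaces
        if params.get("action", [""])[0] != "search":
            continue
        text = params.get("text", [""])[0]
        if SQLI_RE.search(text):
            hits.append((m["ip"], int(m["status"]), text))
    return hits

def repeat_offenders(hits, threshold=2):
    """Source IPs with at least `threshold` flagged requests (the 'multiple requests' indicator)."""
    counts = Counter(ip for ip, _, _ in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    found = suspicious_requests(SAMPLE_LOG)
    for ip, status, text in found:
        print(f"{ip} status={status} text={text!r}")
    print("repeat offenders:", repeat_offenders(found))
```

A 500 status on a flagged request corresponds to the "database error messages" indicator above and is worth weighting higher when tuning alerts.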