CVE-2024-10735
📋 TL;DR
This critical SQL injection vulnerability in Project Worlds Life Insurance Management System 1.0 allows attackers to manipulate database queries through the nominee_id parameter in /editNominee.php. Remote attackers can potentially access, modify, or delete sensitive insurance data. Organizations using this specific version of the software are affected.
💻 Affected Systems
- Project Worlds Life Insurance Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including exfiltration of sensitive customer data (PII, financial information), unauthorized policy modifications, and potential system takeover.
Likely Case
Data theft of customer information, unauthorized access to insurance records, and potential manipulation of nominee data.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or minimal data exposure.
🎯 Exploit Status
Public exploit available on GitHub; SQL injection via the nominee_id parameter requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Consider migrating to alternative software or implementing workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation and parameterized queries for the nominee_id parameter
Modify editNominee.php to validate nominee_id as an integer and use prepared statements so the value is bound, never concatenated into SQL: $stmt = $conn->prepare('SELECT * FROM nominees WHERE id = ?'); $stmt->bind_param('i', $nominee_id); $stmt->execute(); $result = $stmt->get_result();
Web Application Firewall Rules
Block SQL injection patterns targeting the /editNominee.php endpoint
WAF rule (ModSecurity, chained so that only requests carrying an injection pattern in nominee_id are denied, rather than every request to the page): SecRule REQUEST_URI "@contains /editNominee.php" "id:1001,phase:2,deny,status:403,log,msg:'Blocking SQLi attempt on editNominee.php',chain" followed by the chained check SecRule ARGS:nominee_id "@detectSQLi" "t:none,t:urlDecodeUni"
ModSecurity (endpoint-independent variant): SecRule ARGS:nominee_id "@detectSQLi" "id:1002,phase:2,deny,status:403,log,msg:'SQLi pattern in nominee_id'"
🧯 If You Can't Patch
- Block external access to /editNominee.php via firewall rules or web server configuration
- Implement database user with minimal permissions (read-only where possible) for the application
🔍 How to Verify
Check if Vulnerable:
Test the /editNominee.php endpoint with SQL injection payloads such as ' OR '1'='1 in the nominee_id parameter
Check Version:
Check the application version in the admin panel or configuration files
Verify Fix Applied:
Verify that SQL injection attempts are rejected with proper error handling and that no database errors are exposed in responses
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed login attempts following SQL injection patterns
- Requests to /editNominee.php with suspicious parameters
Network Indicators:
- Unusual database query patterns from web server
- Outbound connections to unknown IPs following SQL injection attempts
SIEM Query:
source="web_logs" AND uri="/editNominee.php" AND (param="nominee_id" AND value MATCHES "[';]|OR|UNION|SELECT")
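Runnable form of the log indicators above, as an added example that is not part of the original advisory: it applies the SIEM query's pattern to constructed Common Log Format lines (the log format and the sample traffic are assumptions) and decodes the parameter a second time so double URL-encoded payloads are not missed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Patterns the SIEM query above looks for in nominee_id; quotes and
# semicolons are the strongest signal, keywords alone are weaker.
SQLI_RE = re.compile(r"['\";]|\b(or|and|union|select|sleep)\b", re.IGNORECASE)

# Common Log Format (assumption: the web server logs in this format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /editNominee.php?nominee_id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "GET /editNominee.php?nominee_id=42%27+OR+%271%27%3D%271 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /editNominee.php?nominee_id=1%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 0',
    '10.0.0.5 - - [01/Jan/2025:10:00:04 +0000] "GET /index.php?q=select HTTP/1.1" 200 1024',
]


def suspicious_nominee_requests(lines):
    """Return (client ip, decoded nominee_id) for requests to /editNominee.php
    whose nominee_id is not a plain integer and matches an injection pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a log line we understand
        url = urlsplit(m['target'])
        if url.path != '/editNominee.php':
            continue                      # only the vulnerable endpoint
        for value in parse_qs(url.query, keep_blank_values=True).get('nominee_id', []):
            decoded = unquote(value)      # parse_qs decoded once; catch double-encoding too
            if decoded.isdigit():
                continue                  # a legitimate id is a bare integer
            if SQLI_RE.search(decoded):
                hits.append((m['ip'], decoded))
    return hits


if __name__ == '__main__':
    for ip, payload in suspicious_nominee_requests(SAMPLE_LOG):
        print(f'{ip}\tnominee_id={payload!r}')
```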