CVE-2024-11241
📋 TL;DR
This critical SQL injection vulnerability in Job Recruitment 1.0 allows remote attackers to execute arbitrary SQL commands via the 'e' parameter in reset.php. Attackers can potentially access, modify, or delete database contents. All users running the vulnerable version are affected.
💻 Affected Systems
- code-projects Job Recruitment
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, or full system takeover by chaining the SQL injection into remote code execution
Likely Case
Unauthorized database access allowing extraction of sensitive user data, credentials, or application data
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permissions in place
🎯 Exploit Status
Exploit details publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
No official patch available. Implement parameterized queries in reset.php, validate and sanitize the 'e' parameter input, or consider replacing the software
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation to ensure the 'e' parameter contains only characters valid in an email address
Modify reset.php to include: $email = filter_var($_GET['e'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('Invalid email'); }
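As an added illustration (not the code-projects reset.php source, whose actual query is not reproduced here), the snippet below contrasts the string-concatenation pattern behind this class of bug with the hardened lookup that the Official Fix instructions and the validation workaround describe: check that the 'e' parameter is an email address, then bind it as data with a PDO prepared statement. The `users` table, the `findUser*` function names and the in-memory SQLite database are assumptions made for the demonstration. The filter_var check on its own is only a stop-gap; the prepared statement is what actually removes the injection.

```php
<?php
// Added example, not code-projects' reset.php: a hypothetical password-reset
// lookup showing the vulnerable pattern and a hardened replacement.
// Assumed: a PDO connection $pdo and a table `users` with an `email` column.

// VULNERABLE (assumed shape of the original): the raw 'e' parameter is
// concatenated into the SQL string, so its content becomes part of the query.
function findUserVulnerable(PDO $pdo, string $e): ?array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $e . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED: validate the parameter's shape first, then bind it as data with a
// prepared statement so the database never interprets it as SQL.
function findUserHardened(PDO $pdo, string $e): ?array
{
    $email = filter_var($e, FILTER_SANITIZE_EMAIL);
    if ($email === false || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null; // reject anything that is not a well-formed email address
    }
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained demonstration against an in-memory SQLite database
// (constructed sample data, not the application's real schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

// The advisory's own verification probe: in the vulnerable function it becomes
// part of the WHERE clause; in the hardened one it fails email validation and
// no query is issued at all.
$probe = "test' OR '1'='1";
var_dump(findUserVulnerable($pdo, $probe));
var_dump(findUserHardened($pdo, $probe));
// A legitimate lookup still works through the prepared statement.
var_dump(findUserHardened($pdo, 'alice@example.com'));
```

The same two-step shape (validate the parameter's format, then bind it) applies to whatever query reset.php actually runs; only the column names and the surrounding logic would change.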
Web Application Firewall Rule
Block SQL injection patterns targeting reset.php
WAF-specific: add a rule that blocks requests to reset.php whose parameters contain SQL keywords
🧯 If You Can't Patch
- Disable or remove reset.php if password reset functionality is not required
- Implement network-level restrictions to limit access to reset.php to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Test reset.php with SQL injection payloads in the 'e' parameter: reset.php?e=test' OR '1'='1
Check Version:
Check the software version in the admin panel or readme files; this issue affects version 1.0 specifically
Verify Fix Applied:
Test with same SQL injection payloads and verify they are rejected or properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed password reset attempts with SQL-like patterns in parameters
- Requests to reset.php with unusual parameter values
Network Indicators:
- HTTP requests to reset.php containing SQL keywords (UNION, SELECT, INSERT, etc.) in parameters
- Unusual database query patterns from web server
SIEM Query:
source="web_logs" AND uri="/reset.php" AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*' OR '*")
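For teams without a SIEM, the same indicators can be applied directly to web-server access logs. The script below is an added example, not part of the advisory or of the code-projects software: it parses combined-format access-log lines, keeps only requests to reset.php, decodes the 'e' parameter and flags values matching the keyword and quote-OR patterns listed under Network Indicators. The log format, the sample lines and the IP addresses are constructed for the demonstration; it assumes PHP 8 for `str_ends_with`.

```php
<?php
// Added example: applies the advisory's network/SIEM indicators to raw access
// logs. Log format and sample lines are constructed, not taken from a real system.

// Patterns mirroring the indicators above: SQL keywords, a quote-OR sequence,
// or comment/statement terminators inside the decoded 'e' value.
const SQLI_PATTERNS = [
    '/\b(UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\b/i',
    "/'\s*OR\s*'/i",
    '/--|\/\*|;/',
];

// Parse one combined-log-format line into its client IP, path, raw query
// string and status code; return null for lines that do not match.
function parseAccessLine(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP\/[\d.]+" (\d{3})/', $line, $m)) {
        return null;
    }
    $parts = parse_url($m[2]);
    return [
        'ip'     => $m[1],
        'path'   => $parts['path'] ?? '',
        'query'  => $parts['query'] ?? '',   // still URL-encoded; parse_str decodes it
        'status' => (int) $m[3],
    ];
}

// Return the subset of lines that hit reset.php with an injection-like 'e' value.
function flagResetInjection(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parseAccessLine($line);
        if ($req === null || !str_ends_with($req['path'], '/reset.php')) {
            continue;
        }
        parse_str($req['query'], $params);
        $e = (string) ($params['e'] ?? '');
        foreach (SQLI_PATTERNS as $re) {
            if (preg_match($re, $e)) {
                $hits[] = ['ip' => $req['ip'], 'status' => $req['status'], 'e' => $e, 'line' => $line];
                break; // one match is enough to flag the request
            }
        }
    }
    return $hits;
}

// Constructed sample log lines: one legitimate reset, two injection-like
// requests to reset.php, and an unrelated request that mentions "select".
$sample = [
    '203.0.113.5 - - [10/Nov/2024:12:00:01 +0000] "GET /reset.php?e=alice%40example.com HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Nov/2024:12:00:07 +0000] "GET /reset.php?e=test%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Nov/2024:12:00:09 +0000] "GET /reset.php?e=x%27%20UNION%20SELECT%201-- HTTP/1.1" 500 0',
    '198.51.100.2 - - [10/Nov/2024:12:00:12 +0000] "GET /index.php?q=select HTTP/1.1" 200 2048',
];

foreach (flagResetInjection($sample) as $hit) {
    printf("ALERT ip=%s status=%d e=%s\n", $hit['ip'], $hit['status'], $hit['e']);
}
```

Decoding the parameter before matching matters: the SIEM query above looks for literal `UNION` or `' OR '` in the URI, which misses the URL-encoded forms seen in real traffic, whereas this scanner matches on the decoded value. Pairing a 500 status with a flagged request is a useful corroborating signal, since it often corresponds to the "unusual SQL errors" log indicator.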