CVE-2024-11244

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in Farmacia 1.0 allows remote attackers to execute arbitrary SQL commands via the 'id' parameter in the /editar-cliente.php file. This can lead to unauthorized data access, modification, or deletion. All users running Farmacia 1.0 with the vulnerable file accessible are affected.

💻 Affected Systems

Products:
  • Farmacia
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default installation of Farmacia 1.0. The /editar-cliente.php file must be accessible via web.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, and potential server takeover via SQL injection to execute system commands.

🟠 Likely Case

Unauthorized access to sensitive customer and pharmacy data, including personal information, medical records, and financial data.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. SQL injection via URL parameter manipulation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

1. Check the vendor website for updates.
2. If no patch is available, implement the workarounds below.
3. Consider migrating to supported software.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Add parameter validation and sanitization to /editar-cliente.php to prevent SQL injection.

Modify the PHP code to use prepared statements with parameterized queries for the 'id' parameter.
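The following is an added example, not Farmacia's own code, showing what that workaround looks like in PHP: the 'id' parameter is validated as an integer and then bound to a prepared statement, with the concatenation pattern the advisory describes shown beside it for contrast. The table name `clientes`, its columns, and the in-memory SQLite database used for the demonstration are assumptions so the script runs from the CLI (requires the pdo_sqlite extension).

```php
<?php
// Added example (not Farmacia's own code): hardened handling of the 'id'
// parameter for an edit-customer page. Table and column names are assumed.

// Pattern the advisory describes: the raw parameter is concatenated into
// the query text, so a crafted 'id' changes the meaning of the query.
function buildQueryVulnerable(string $id): string
{
    return "SELECT * FROM clientes WHERE id = '" . $id . "'";
}

// Hardened version: validate the parameter as an integer first, then bind
// it to a prepared statement so the database never parses it as SQL.
function fetchClienteById(PDO $pdo, string $rawId): ?array
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain integer
    // (e.g. the quoted payload from the verification step) before it
    // ever reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request; in the real page, respond 400
    }

    // Bound parameter: the value travels separately from the query text,
    // so quoting tricks have no effect on the statement.
    $stmt = $pdo->prepare('SELECT id, nombre, telefono FROM clientes WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration with an in-memory SQLite database and constructed sample
// rows, so the example runs without the real Farmacia schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clientes (id INTEGER PRIMARY KEY, nombre TEXT, telefono TEXT)');
$pdo->exec("INSERT INTO clientes VALUES (1, 'Ana', '555-0100'), (2, 'Luis', '555-0101')");

// Normal request: returns the row for customer 1
var_dump(fetchClienteById($pdo, '1'));

// Tampered request from the advisory's verification step: rejected (NULL)
var_dump(fetchClienteById($pdo, "1' OR '1'='1"));

// Query text the concatenation pattern would have produced for that input
echo buildQueryVulnerable("1' OR '1'='1"), PHP_EOL;
```

The integer check alone already blocks this class of payload for an identifier parameter, but the prepared statement is the actual fix: it keeps the page safe even if the validation is later relaxed or a non-numeric parameter is added, and it applies unchanged to the UPDATE that an edit page performs after the form is submitted.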

Web Application Firewall (WAF) (applies to: all)

Deploy WAF rules to block SQL injection attempts targeting /editar-cliente.php.

Configure the WAF to block requests containing SQL injection patterns in the 'id' parameter.

🧯 If You Can't Patch

  • Restrict access to /editar-cliente.php using IP whitelisting or authentication
  • Disable or remove the vulnerable file if functionality is not required

🔍 How to Verify

Check if Vulnerable:

Test /editar-cliente.php?id=1' OR '1'='1 to see if it returns SQL errors or unexpected data.

Check Version:

Check the software version in the admin panel or readme files.

Verify Fix Applied:

Test with SQL injection payloads after fixes to confirm they are blocked and no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in web server logs
  • Multiple requests to /editar-cliente.php with suspicious 'id' parameters

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in URL parameters

SIEM Query:

source="web_logs" AND uri="/editar-cliente.php" AND (param="id" AND value MATCHES "'.*' OR.*")
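The SIEM query above is pseudo-syntax; the added example below (not part of the advisory) implements the same idea as a log-scanning script in PHP, run over constructed sample lines in Apache combined format. One practical caveat it handles: the 'id' value arrives URL-encoded in the log, so a pattern like `'.*' OR.*` matched against the raw request line misses `%27`-encoded quotes. The script decodes the query string first, treats any non-integer 'id' on /editar-cliente.php as suspicious, and then annotates whether SQL keywords or quote characters are present. The log format, field names and keyword list are assumptions.

```php
<?php
// Added example (not part of the advisory): flag access-log entries that hit
// /editar-cliente.php with a non-numeric or SQL-looking 'id' parameter.
// The log lines below are constructed samples in Apache combined format.

const SAMPLE_LOG = <<<'LOG'
203.0.113.10 - - [10/Jan/2025:10:00:01 +0000] "GET /editar-cliente.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:10:00:02 +0000] "GET /editar-cliente.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:10:00:03 +0000] "GET /editar-cliente.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 231 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
LOG;

// Keyword/quote heuristic applied to the *decoded* id value. For this
// endpoint a non-integer id is already suspicious; this adds context.
const SQL_KEYWORD_PATTERN = '/\b(union|select|or|and|sleep|benchmark)\b|[\'";]|--/i';

// Extract client IP, timestamp, method, path, decoded query parameters and
// status code from one combined-format line; null if the line does not parse.
function parseRequest(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) ([^ ?"]+)(?:\?([^ "]*))? HTTP\/[\d.]+" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    parse_str($m[5] ?? '', $params); // parse_str URL-decodes the values
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $m[4],
        'params' => $params,
        'status' => (int) $m[6],
    ];
}

// Return one record per request to the vulnerable page whose id is not a
// plain integer; 'sql_keywords' says whether the value also looks like SQL.
function findSuspiciousRequests(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseRequest($line);
        if ($req === null || $req['path'] !== '/editar-cliente.php' || !isset($req['params']['id'])) {
            continue;
        }
        $id = $req['params']['id'];
        if (filter_var($id, FILTER_VALIDATE_INT) !== false) {
            continue; // well-formed integer id: expected traffic
        }
        $hits[] = [
            'ip'           => $req['ip'],
            'time'         => $req['time'],
            'id'           => $id,
            'sql_keywords' => (bool) preg_match(SQL_KEYWORD_PATTERN, $id),
            'status'       => $req['status'],
        ];
    }
    return $hits;
}

// Expected: the two tampered requests from 203.0.113.10 are reported,
// both with sql_keywords=yes; the integer id and /index.php are ignored.
foreach (findSuspiciousRequests(SAMPLE_LOG) as $hit) {
    printf("%s %s id=%s keywords=%s status=%d\n",
        $hit['time'], $hit['ip'], $hit['id'],
        $hit['sql_keywords'] ? 'yes' : 'no', $hit['status']);
}
```

Two points carry over to a real SIEM rule: decode before matching, and key the alert on "non-integer id for this endpoint" rather than on a keyword list alone, since the keyword list is easy to vary while an edit page has no legitimate reason to receive anything but a numeric id. The 500 status on the UNION line matches the "SQL syntax errors in web server logs" indicator above and is worth correlating with the application error log.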
