CVE-2024-12486
📋 TL;DR
This critical vulnerability allows remote attackers to execute SQL injection attacks against the Online Class and Exam Scheduling System 1.0 by manipulating the 'id' parameter in the /pages/rank_update.php file. This can lead to unauthorized database access, data theft, or system compromise. All users running version 1.0 of this software are affected.
💻 Affected Systems
- code-projects Online Class and Exam Scheduling System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data theft, modification, or deletion; potential system takeover via SQL injection leading to remote code execution.
Likely Case
Unauthorized access to sensitive student/teacher data, grade manipulation, schedule alteration, or credential theft from the database.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.
🎯 Exploit Status
Exploit details are publicly available in GitHub documentation; SQL injection vulnerabilities are commonly weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
No official patch is available. Upgrade if a newer version exists; otherwise apply the workarounds below.
🔧 Temporary Workarounds
Input Validation and Sanitization
Use parameterized queries (or strict input validation) in /pages/rank_update.php so that the 'id' parameter is never interpolated into the SQL string.
Edit rank_update.php to use a prepared statement (here `table` stands for the real table name; 'si' binds $rank as a string and $id as an integer): $stmt = $conn->prepare('UPDATE table SET rank = ? WHERE id = ?'); $stmt->bind_param('si', $rank, $id); $stmt->execute();
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection patterns targeting the rank_update.php endpoint.
Add WAF rule: deny requests to /pages/rank_update.php with SQL keywords in parameters
🧯 If You Can't Patch
- Restrict network access to the system using firewall rules to allow only trusted IPs.
- Implement database user permissions with least privilege to limit potential damage from SQL injection.
🔍 How to Verify
Check if Vulnerable:
Test the /pages/rank_update.php endpoint with SQL injection payloads in the 'id' parameter (e.g., id=1' OR '1'='1).
Check Version:
Check system documentation or admin panel for version information; typically shows 'Version 1.0'.
Verify Fix Applied:
Retest with the same SQL injection payloads; after a successful fix the request is rejected with an error or returns the normal response with no extra data.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in web server logs for rank_update.php
- Multiple rapid requests to rank_update.php with varying id parameters
Network Indicators:
- HTTP requests to /pages/rank_update.php containing SQL keywords like UNION, SELECT, OR in parameters
SIEM Query:
source="web_logs" AND uri="/pages/rank_update.php" AND (param="*id=*'*" OR param="*id=* OR *" OR param="*id=* UNION *")
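The log and network indicators above, turned into a small offline detector as an added example (not code from the advisory, the vendor, or the project): it scans constructed Apache/nginx combined-format access-log lines for requests to /pages/rank_update.php whose 'id' is not a plain integer or carries SQL syntax, and for bursts of varying 'id' values from one client. The log format, thresholds and sample lines are assumptions.

```python
# Added example (not from the advisory or the vendor): scans Apache/nginx
# "combined"-format access logs for the indicators listed above: requests to
# /pages/rank_update.php whose 'id' is not a plain integer or carries SQL
# syntax, and bursts of varying 'id' values from one client in a time window.
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

TARGET = "/pages/rank_update.php"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<uri>\S+) [^"]*"')
# quote, comment markers, and the keywords the advisory names (word-bounded)
SQL_PATTERN = re.compile(r"'|--|/\*|\b(union|select|or|and)\b", re.I)

def classify_id(value):
    """None for a plain integer id, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    return "sql-pattern" if SQL_PATTERN.search(value) else "non-numeric"

def scan_log(lines, burst_threshold=5, window_seconds=10):
    """Return (ip, reason, detail) findings for the given access-log lines."""
    findings = []
    distinct = defaultdict(set)  # (ip, time bucket) -> distinct id values seen
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["uri"])
        if url.path != TARGET:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # parse_qs percent-decodes, so id=1%27%20OR... is inspected as "1' OR ..."
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(raw)
            if reason:
                findings.append((m["ip"], reason, raw))
            distinct[(m["ip"], int(ts.timestamp()) // window_seconds)].add(raw)
    for (ip, _), ids in distinct.items():
        if len(ids) >= burst_threshold:
            findings.append((ip, "burst", f"{len(ids)} distinct ids within {window_seconds}s"))
    return findings

# Constructed sample: a benign request, two injection attempts, a probe of another page.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2024:09:00:01 +0000] "GET /pages/rank_update.php?id=7 HTTP/1.1" 200 512
10.0.0.9 - - [10/Dec/2024:09:00:02 +0000] "GET /pages/rank_update.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9001
10.0.0.9 - - [10/Dec/2024:09:00:03 +0000] "GET /pages/rank_update.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 301
10.0.0.5 - - [10/Dec/2024:09:00:04 +0000] "GET /pages/index.php?id=1%27 HTTP/1.1" 200 100
""".splitlines()
```

Running `scan_log(SAMPLE_LOG)` reports the two 10.0.0.9 requests as sql-pattern hits and ignores the probe against index.php; feed it real access logs to back the SIEM query above with a check that is independent of wildcard matching.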