CVE-2024-12787 – This critical SQL injection vulnerability in 10... (How to Fix)

Q: What is the severity of CVE-2024-12787?

CVE-2024-12787 has a CVSS score of 7.3 (HIGH). This critical SQL injection vulnerability in 1000 Projects Attendance Tracking Management System 1.0 allows attackers to execute arbitrary SQL commands via the student_emailid parameter in /student/check_student_login.php. Organizations using this specific version of the attendance tracking system are affected. The vulnerability can be exploited remotely without authentication.

📋 TL;DR

This critical SQL injection vulnerability in 1000 Projects Attendance Tracking Management System 1.0 allows attackers to execute arbitrary SQL commands via the student_emailid parameter in /student/check_student_login.php. Organizations using this specific version of the attendance tracking system are affected. The vulnerability can be exploited remotely without authentication.

💻 Affected Systems

Products:

1000 Projects Attendance Tracking Management System

Versions: 1.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific version 1.0 of this software. The vulnerability exists in the default installation.

📦 What is this software?

Attendance Tracking Management System by 1000projects

View all CVEs affecting Attendance Tracking Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential server takeover via SQL injection to RCE chaining.

🟠

Likely Case

Unauthorized access to student attendance records, personal information exposure, and potential manipulation of attendance data.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. SQL injection vulnerabilities are commonly weaponized due to their prevalence and impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://1000projects.org/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement parameterized queries or prepared statements for the student_emailid parameter in check_student_login.php

Modify PHP code to use prepared statements: $stmt = $conn->prepare('SELECT * FROM students WHERE email = ?'); $stmt->bind_param('s', $email);

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint

Configure WAF to block requests containing SQL keywords (UNION, SELECT, INSERT, etc.) in the student_emailid parameter

🧯 If You Can't Patch

Isolate the system from internet access and restrict to internal network only
Implement strict network segmentation and monitor all traffic to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Test the /student/check_student_login.php endpoint with SQL injection payloads in the student_emailid parameter

Check Version:

Check system documentation or configuration files for version information

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return appropriate error messages or are blocked

📡 Detection & Monitoring

Log Indicators:

Unusual SQL errors in application logs
Multiple failed login attempts with SQL-like patterns in email parameter
Requests to check_student_login.php with unusual parameters

Network Indicators:

HTTP POST requests to /student/check_student_login.php containing SQL keywords in parameters
Unusual database query patterns from the application server

SIEM Query:

source="web_logs" AND uri="/student/check_student_login.php" AND (param="student_emailid" AND value MATCHES "(?i)(union|select|insert|delete|update|drop|--|#|;)")

📊 Metadata

CVE ID: CVE-2024-12787

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-74

Published: December 19, 2024

Last Updated: January 10, 2025

🔗 References

https://1000projects.org/ Product
https://github.com/AFK-cmd/CVE/issues/1 Broken Link
https://vuldb.com/?ctiid.288967 Permissions Required,VDB Entry
https://vuldb.com/?id.288967 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.465082 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12787, you might also want to check these: