CVE-2024-12955
📋 TL;DR
This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against the PHPGurukul Blood Bank & Donor Management System. Attackers can trick authenticated users into executing unintended actions via the /logout.php endpoint. All users of version 2.4 are affected.
💻 Affected Systems
- PHPGurukul Blood Bank & Donor Management System
⚠️ Risk & Real-World Impact
Worst Case
The endpoint named in the advisory only ends the victim's session, so on its own the worst outcome is a forced logout, which can be chained with phishing to make the victim re-enter credentials on a lookalike page. If the same absence of anti-CSRF tokens extends to the admin forms, an attacker who lures a logged-in administrator to a malicious page could have that administrator's browser change system settings, delete records, or create accounts with elevated privileges.
Likely Case
Victims are logged out unexpectedly when they visit an attacker-controlled page while holding a session; any impact beyond that depends on which other forms share the missing-token pattern.
If Mitigated
With proper CSRF protections, the attack fails and users experience no impact beyond seeing failed requests.
🎯 Exploit Status
The victim must be logged in and load attacker-controlled content (a web page, or HTML such as an image tag in a message); from there the forged request to /logout.php fires without any further interaction, so the exploit is simple to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://phpgurukul.com/
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.
🔧 Temporary Workarounds
Implement CSRF Tokens
Add a per-session anti-CSRF token to every state-changing form and link, and validate it on the server side before acting.
Edit /logout.php and related files to require the token. A GET link can be triggered from any page via an <img> or <a> tag, so make logout a POST form that carries the token rather than a bare link.
Use SameSite Cookies
Set the SameSite attribute on the session cookie so the browser does not attach it to cross-site requests. Strict blocks all cross-site sends; Lax still sends the cookie on top-level GET navigations, so Lax alone does not protect a /logout.php that accepts GET.
Set session.cookie_samesite = Strict in php.ini (PHP 7.3 or later) or pass 'samesite' => 'Strict' in the array form of session_set_cookie_params() before session_start(). Old browsers ignore the attribute, so treat it as defence in depth and keep the token check.
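The two workarounds above combined into a hardened logout.php. This is an added example, not PHPGurukul's code or an official patch; the helper names (csrf_token, csrf_token_valid, request_is_same_origin, logout_form_html), the hostname bloodbank.example and the assumption that the site is served over HTTPS on PHP 7.3 or later are all illustrative.

```php
<?php
// Added example, not PHPGurukul's code: a hardened logout.php for the pattern described
// above. Assumptions: HTTPS, PHP >= 7.3 (array form of session_set_cookie_params with
// 'samesite'), and APP_HOST set to the application's real hostname.

const APP_HOST = 'bloodbank.example'; // placeholder for the real hostname

// Cookie attributes must be set before session_start() to take effect.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict', // 'Lax' would still attach the cookie to a top-level GET of /logout.php
]);
session_start();

// One random token per session; rendered into every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison against the session copy; a missing token fails closed.
function csrf_token_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

// Defence in depth: Origin (sent by browsers on POST) or, failing that, Referer must
// name our own host. A request carrying neither header is treated as cross-site.
function request_is_same_origin(): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host   = $source === '' ? null : parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, APP_HOST) === 0;
}

// The layout's logout control becomes a form carrying the token instead of a bare link.
function logout_form_html(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="logout.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<button type="submit">Logout</button></form>';
}

// Logout is a state change, so it is POST-only and checked like any other form.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
    || !csrf_token_valid($_POST['csrf_token'] ?? null)
    || !request_is_same_origin()) {
    http_response_code(403);
    exit('Rejected: missing or invalid CSRF token, or cross-site request');
}

// Valid request: clear server-side state and expire the cookie.
$_SESSION = [];
setcookie(session_name(), '', [
    'expires'  => time() - 3600,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_destroy();
header('Location: index.php');
exit;
```

Because the token lives in the session and the attacker's page cannot read it (same-origin policy), a forged request fails the hash_equals check even if the victim's cookie is attached. The Origin/Referer check is a second, independent layer; it is not a substitute for the token because some proxies and privacy settings strip Referer, which is why the fallback rejects rather than allows when both headers are absent.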
🧯 If You Can't Patch
- A WAF cannot tell a forged request from a genuine one by its body (both carry the victim's valid session cookie), but it can enforce that requests to /logout.php present an Origin or Referer header naming the application's own host and block the rest
- Educate users about phishing risks and require re-authentication for sensitive actions
🔍 How to Verify
Check if Vulnerable:
Check whether /logout.php acts on any request that carries the session cookie: review the source for a token check, or host a page on another origin containing <img src="https://<target>/logout.php"> (or an auto-submitting form, as produced by Burp Suite's CSRF PoC generator) and open it while logged in. If the session ends, the endpoint is vulnerable.
Check Version:
Check version in admin panel or review system documentation files
Verify Fix Applied:
Test that CSRF tokens are required and validated for logout actions using tools like Burp Suite CSRF PoC generator.
📡 Detection & Monitoring
Log Indicators:
- Repeated logout requests for the same session or source address within a short window
- Logout requests with no Referer, or with a Referer from a domain other than the application's own
Network Indicators:
- Requests to /logout.php (GET in particular, since an image tag or hidden iframe on the attacker's page is the simplest trigger) that carry no anti-CSRF token
- Requests whose Origin or Referer names an external domain
SIEM Query:
source="web_logs" AND uri="/logout.php" AND NOT csrf_token=*
This is a Splunk-style example and assumes a csrf_token field has been extracted from the query string. Until the fix is deployed every logout matches it, and a token sent in a POST body never appears in standard access logs, so use it as a post-fix monitor and pair it with the Referer/Origin and rate indicators above.
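The log and network indicators above as a script that can be run over an access log offline. It is an added example, not from the page or the vendor: the log lines, client addresses and the hostname bloodbank.example are constructed, and the burst threshold is an arbitrary starting point to tune.

```php
<?php
// Added example, not part of the page or the vendor's code: scans access-log lines in
// Apache "combined" format for the logout-CSRF indicators listed above. The sample log,
// its IP addresses and the hostname bloodbank.example are constructed for illustration.

const SITE_HOST        = 'bloodbank.example'; // assumption: the application's own hostname
const BURST_WINDOW_SEC = 60;                  // "multiple logouts in a short time"
const BURST_THRESHOLD  = 3;

// ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
const LINE_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

function parse_line(string $line): ?array
{
    if (!preg_match(LINE_RE, $line, $m)) {
        return null;
    }
    $time = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    $url  = parse_url($m[4]);
    parse_str($url['query'] ?? '', $query);
    return [
        'ip'      => $m[1],
        'ts'      => $time ? $time->getTimestamp() : 0,
        'method'  => $m[3],
        'path'    => $url['path'] ?? $m[4],
        'query'   => $query,
        'status'  => (int) $m[5],
        'referer' => $m[6],
    ];
}

// The app's own logout control is reached from one of its own pages, so a missing
// Referer or one from another host is the indicator described in the advisory.
function referer_is_suspicious(string $referer): bool
{
    if ($referer === '' || $referer === '-') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return !is_string($host) || strcasecmp($host, SITE_HOST) !== 0;
}

// Returns one finding per /logout.php request that trips at least one indicator.
function analyze_log(string $log): array
{
    $findings = [];
    $seen     = []; // ip => timestamps of its logout requests
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $r = parse_line($line);
        if ($r === null || $r['path'] !== '/logout.php') {
            continue;
        }
        $why = [];
        if ($r['method'] !== 'POST') {
            $why[] = 'non-POST logout';
        }
        if ($r['method'] === 'GET' && !isset($r['query']['csrf_token'])) {
            $why[] = 'no csrf_token parameter';
        }
        if (referer_is_suspicious($r['referer'])) {
            $why[] = 'missing or external Referer (' . $r['referer'] . ')';
        }
        $seen[$r['ip']][] = $r['ts'];
        $recent = array_filter($seen[$r['ip']], fn($t) => $r['ts'] - $t <= BURST_WINDOW_SEC);
        if (count($recent) >= BURST_THRESHOLD) {
            $why[] = count($recent) . ' logouts within ' . BURST_WINDOW_SEC . 's';
        }
        if ($why) {
            $findings[] = ['ip' => $r['ip'], 'ts' => $r['ts'], 'reasons' => $why];
        }
    }
    return $findings;
}

// Constructed sample: one legitimate logout, then a burst of GET logouts driven from
// an attacker-controlled page, then an unrelated request.
$sample_log = <<<'LOG'
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "POST /logout.php HTTP/1.1" 302 0 "https://bloodbank.example/dashboard.php" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:01:10 +0000] "GET /logout.php HTTP/1.1" 302 0 "https://attacker.example/win.html" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:01:11 +0000] "GET /logout.php HTTP/1.1" 302 0 "https://attacker.example/win.html" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:01:12 +0000] "GET /logout.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
LOG;

foreach (analyze_log($sample_log) as $f) {
    printf("%s %s: %s\n", date('c', $f['ts']), $f['ip'], implode('; ', $f['reasons']));
}
```

The first sample line is a POST from the application's own dashboard and produces no finding, which is the behaviour to expect once the token-based fix is in place; the three GET hits referred from another origin each trip the method and Referer checks, and the third also crosses the burst threshold. Referer is stripped by some proxies and browser privacy settings, so treat that indicator as corroborating evidence alongside the method and rate checks rather than as a standalone alert.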