CVE-2024-12958
📋 TL;DR
This critical SQL injection vulnerability in Portfolio Management System MCA 1.0 allows remote attackers to execute arbitrary SQL commands via the 'q' parameter in /update_pro_details.php. All users running this specific version are affected, and successful exploitation could lead to complete database compromise.
💻 Affected Systems
- Portfolio Management System MCA
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential server takeover via SQL injection to RCE chaining.
Likely Case
Unauthorized access to sensitive portfolio data, user information theft, and potential data corruption.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permissions in place.
🎯 Exploit Status
Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://1000projects.org/
Restart Required: No
Instructions:
1. Check the vendor website for updates.
2. If a patch is available, download and apply it.
3. Replace the vulnerable /update_pro_details.php file.
4. Test functionality.
🔧 Temporary Workarounds
Input Validation Filter
Add input validation to sanitize the 'q' parameter before it reaches the query. Escaping only protects a value that is placed inside a quoted string literal in the SQL; it does nothing for an unquoted numeric position, so treat this as a stopgap until prepared statements are in place.
// In /update_pro_details.php, add:
$q = mysqli_real_escape_string($connection, $_GET['q']);
Parameterized Query Implementation
Replace the string-built SQL query with a prepared statement, so the value of 'q' is bound as data and is never interpreted as SQL. 'table' and 'column' below stand for the application's actual table and column names.
// Replace the direct query with:
$stmt = $connection->prepare('SELECT * FROM table WHERE column = ?');
$stmt->bind_param('s', $q);
$stmt->execute();
🧯 If You Can't Patch
- Implement WAF rules to block SQL injection patterns targeting /update_pro_details.php
- Restrict network access to the application using firewall rules
🔍 How to Verify
Check if Vulnerable:
Request /update_pro_details.php?q=1' OR '1'='1 and observe whether a SQL error or other unexpected behavior occurs
Check Version:
Check application documentation or source code for version information
Verify Fix Applied:
Send the same payload after the fix and confirm that it is rejected or handled without a SQL error
📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in PHP/application logs
- Unusual database queries from web server IP
- Multiple failed parameter attempts on /update_pro_details.php
Network Indicators:
- HTTP requests to /update_pro_details.php with SQL keywords in parameters
- Unusual database traffic patterns
SIEM Query:
source="web_logs" AND uri="/update_pro_details.php" AND (param="q" AND value MATCHES "'.*OR.*|'.*AND.*|'.*UNION.*")
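The detection idea behind the SIEM query above, worked through as an added example that is not part of the advisory: parse web-server access logs, URL-decode the 'q' parameter of requests to /update_pro_details.php, flag values matching the quote-plus-operator pattern, and count hits per source address (the "multiple attempts" indicator). The log lines are constructed for illustration; the log format is assumed to be common/combined-log style.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the advisory).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /update_pro_details.php?q=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "GET /update_pro_details.php?q=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0',
    '10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /update_pro_details.php?q=1%27%20UNION%20SELECT%201 HTTP/1.1" 200 2048',
    '10.0.0.7 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?q=1%27%20OR%201%3D1 HTTP/1.1" 200 100',
]

TARGET_PATH = "/update_pro_details.php"
TARGET_PARAM = "q"

# Same idea as the advisory's SIEM pattern: a quote followed by a boolean or set operator.
# Deliberately narrow; tune it against your own logs to balance noise and coverage.
SQLI_PATTERN = re.compile(r"'\s*(?:OR|AND|UNION)\b", re.IGNORECASE)

# Common-log-format request line: client, identd, user, [timestamp], "METHOD target PROTO", status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def parse_log_line(line):
    """Split one access-log line into ip, path, decoded query params and status; None if unparsable."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return {"ip": m.group("ip"), "path": parts.path, "params": params, "status": int(m.group("status"))}


def is_suspicious(entry):
    """True when the request hits the vulnerable script with a 'q' value matching the pattern."""
    if entry is None or entry["path"] != TARGET_PATH:
        return False
    return any(SQLI_PATTERN.search(v) for v in entry["params"].get(TARGET_PARAM, []))


def find_suspicious(lines):
    """Return (ip, decoded q value, http status) for every matching request."""
    hits = []
    for line in lines:
        entry = parse_log_line(line)
        if is_suspicious(entry):
            hits.append((entry["ip"], entry["params"][TARGET_PARAM][0], entry["status"]))
    return hits


def attempts_by_ip(hits):
    """Count flagged requests per source address to surface repeated probing."""
    return Counter(ip for ip, _, _ in hits)
```

A 5xx status on a flagged request (the second sample line) corresponds to the "SQL syntax errors in application logs" indicator and is worth correlating with the database error log.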
🔗 References
- https://1000projects.org/
- https://github.com/dawatermelon/CVE/blob/main/Portfolio%20Management%20System%20MCA%20Project/README6.md
- https://vuldb.com/?ctiid.289323
- https://vuldb.com/?id.289323
- https://vuldb.com/?submit.468799