CVE-2024-1829
📋 TL;DR
This critical SQL injection vulnerability in code-projects Library System 1.0 allows attackers to manipulate database queries through the student registration form. Remote attackers can potentially access, modify, or delete sensitive library data. All deployments of Library System 1.0 with the vulnerable student registration functionality are affected.
💻 Affected Systems
- code-projects Library System
📦 What is this software?
Library System by Code Projects
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise, including exfiltration of sensitive user data, theft of administrative credentials, and potential system takeover through privilege escalation.
Likely Case
Data exfiltration of student records, manipulation of library data, and potential authentication bypass to gain unauthorized access.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing successful exploitation.
🎯 Exploit Status
Public exploit details are available on GitHub. SQL injection via the email, regno, phone, and username parameters requires minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Implement parameterized queries and input validation in registration.php. Replace raw SQL queries with prepared statements using PDO or mysqli.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation and sanitization for email, regno, phone, and username parameters before database queries.
Edit Source/librarian/user/student/registration.php to implement parameterized queries
Web Application Firewall Rules
Deploy WAF rules to block SQL injection patterns targeting the registration endpoint.
Add WAF rules to detect and block SQL injection attempts on /librarian/user/student/registration.php
🧯 If You Can't Patch
- Restrict network access to the Library System to trusted IP addresses only
- Disable student registration functionality if not required
🔍 How to Verify
Check if Vulnerable:
Test the registration form with SQL injection payloads in email, regno, phone, or username fields and observe database errors or unexpected behavior.
Check Version:
Check the software version in documentation or configuration files. Look for 'Library System 1.0' references.
Verify Fix Applied:
Attempt SQL injection again after implementing parameterized queries. A successful fix returns proper error messages without exposing database details.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL syntax in POST parameters to registration.php
- Database error messages in application logs
- Multiple failed registration attempts with special characters
Network Indicators:
- POST requests to /librarian/user/student/registration.php containing SQL keywords (UNION, SELECT, INSERT, etc.)
- Abnormal traffic patterns to registration endpoint
SIEM Query:
source="web_logs" AND uri="/librarian/user/student/registration.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "INSERT" OR request_body CONTAINS "DELETE")
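The same check as the SIEM query, written as an added example (not code from the advisory or the project) that decodes URL-encoded bodies, ignores case, matches keywords as whole words, and reports which of the four parameters triggered. The JSON log format and its field names `method`, `uri` and `request_body` are assumptions, and the sample records are constructed.

```python
import json
import re
from urllib.parse import parse_qsl

ENDPOINT = "/librarian/user/student/registration.php"  # from the advisory
WATCHED = ("email", "regno", "phone", "username")      # from the advisory
# Whole-word match so a value such as "selector" does not alert.
KEYWORD = re.compile(r"\b(union|select|insert|delete)\b", re.IGNORECASE)
# Quote, comment and statement-separator characters ("unusual SQL syntax").
SYNTAX = re.compile(r"'|\"|--|/\*|;")

def inspect(line):
    """Return [(param, reasons)] for one JSON log record; [] if clean or out of scope."""
    rec = json.loads(line)
    if rec.get("method") != "POST" or rec.get("uri", "").split("?")[0] != ENDPOINT:
        return []
    hits = []
    # parse_qsl percent-decodes and maps '+' to a space, so encoded input is
    # inspected in the form the application would receive it.
    for name, value in parse_qsl(rec.get("request_body", ""), keep_blank_values=True):
        if name not in WATCHED:
            continue
        reasons = []
        if KEYWORD.search(value):
            reasons.append("sql-keyword")
        if SYNTAX.search(value):
            reasons.append("sql-syntax")
        if reasons:
            hits.append((name, reasons))
    return hits

def scan(lines):
    """Map record index -> findings, for records with at least one finding."""
    return {i: h for i, line in enumerate(lines) if (h := inspect(line))}

# Constructed sample records; the log schema is assumed, not taken from the page.
SAMPLE = [
    '{"method":"POST","uri":"/librarian/user/student/registration.php","request_body":"email=a%40example.org&regno=1042&phone=5550100&username=selector"}',
    '{"method":"POST","uri":"/librarian/user/student/registration.php","request_body":"email=a%40example.org&regno=1%27+uNiOn+sElEcT+1--+&phone=5550100&username=bob"}',
    '{"method":"GET","uri":"/index.php","request_body":""}',
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE).items():
        print(idx, findings)
```

The `sql-syntax` reason alone can fire on legitimate values such as a name containing an apostrophe, so treat it as a weaker signal than the two reasons together.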
🔗 References
- https://github.com/jxp98/VulResearch/blob/main/2024/02/3.4Library%20System%20In%20PHP%20-%20SQL%20Injection-student_reg.md
- https://vuldb.com/?ctiid.254617
- https://vuldb.com/?id.254617