CVE-2024-3087
📋 TL;DR
This is a critical SQL injection vulnerability in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Attackers can execute arbitrary SQL commands through the searchdata parameter in ambulance-tracking.php, potentially compromising the database. All installations of version 1.0 are affected.
💻 Affected Systems
- PHPGurukul Emergency Ambulance Hiring Portal 1.0
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, and potential remote code execution via database functions.
Likely Case
Database information disclosure, credential theft, and data manipulation affecting ambulance operations.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Exploit code is publicly available on GitHub. Remote exploitation requires no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Consider workarounds or migrating to alternative software.
🔧 Temporary Workarounds
Input Validation and Parameterized Queries
Modify ambulance-tracking.php to implement proper input validation and use prepared statements for SQL queries.
Edit ambulance-tracking.php to replace raw SQL queries with parameterized queries using PDO or mysqli prepared statements.
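The following is an added illustration of that workaround, not code from the PHPGurukul project: the concatenation pattern this CVE describes next to a mysqli prepared-statement version. The include path, the `$con` connection variable, the table name `tblhiring`, the column `BookingNumber` and the booking-reference format are assumptions, not taken from the portal's source.

```php
<?php
// Added example for the searchdata workaround; not the portal's own code.
declare(strict_types=1);

// Assumed: the portal's config include opens a mysqli connection in $con.
require_once 'includes/dbconnection.php';

// Make mysqli throw on errors so a failed prepare/execute cannot fall
// through silently into a result-handling path.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Vulnerable pattern (the class of bug in this advisory): the request value
 * is pasted into the SQL text, so the value can alter the statement itself.
 * Table and column names are assumptions.
 */
function trackAmbulanceVulnerable(mysqli $con, string $searchdata): array
{
    $sql = "SELECT * FROM tblhiring WHERE BookingNumber = '" . $searchdata . "'";
    return $con->query($sql)->fetch_all(MYSQLI_ASSOC);
}

/**
 * Hardened pattern: the statement is compiled with a placeholder first and
 * the value is bound afterwards as data, so it can only ever be compared
 * against BookingNumber and is never parsed as SQL.
 */
function trackAmbulanceSafe(mysqli $con, string $searchdata): array
{
    // Defence in depth: reject anything that cannot be a booking reference
    // before it reaches the database (length and character set are assumptions).
    if (!preg_match('/^[A-Za-z0-9-]{1,32}$/', $searchdata)) {
        return [];
    }

    $stmt = $con->prepare('SELECT * FROM tblhiring WHERE BookingNumber = ?');
    $stmt->bind_param('s', $searchdata);
    $stmt->execute();

    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Call site in ambulance-tracking.php: only the parameterised function
// should remain reachable from the request handler.
$searchdata = $_POST['searchdata'] ?? '';
$rows = trackAmbulanceSafe($con, $searchdata);
```

The same change applies to any other query in the file that interpolates request parameters; the input check alone is not a substitute for the placeholder.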
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns in the searchdata parameter.
Add WAF rule: Detect and block SQL injection patterns in POST/GET parameters containing 'searchdata'.
🧯 If You Can't Patch
- Isolate the vulnerable system from internet access and restrict to internal network only.
- Implement strict network segmentation and monitor all database access from the application server.
🔍 How to Verify
Check if Vulnerable:
Check if ambulance-tracking.php exists and contains unsanitized searchdata parameter usage in SQL queries.
Check Version:
Check application version in configuration files or about pages.
Verify Fix Applied:
Test the search functionality with SQL injection payloads to ensure they are properly blocked or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts following search requests
- SQL syntax errors in application logs
Network Indicators:
- HTTP requests to ambulance-tracking.php with SQL keywords in parameters
- Unusual database connection patterns from application server
SIEM Query:
source="web_logs" AND uri="*ambulance-tracking.php*" AND param="*searchdata*" AND (value="*UNION*" OR value="*SELECT*" OR value="*INSERT*" OR value="*DELETE*")
🔗 References
- https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md
- https://vuldb.com/?ctiid.258680
- https://vuldb.com/?id.258680
- https://vuldb.com/?submit.306961