CVE-2024-33411
📋 TL;DR
A SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands via the my_index parameter in /model/get_admin_profile.php. This can lead to unauthorized data access, modification, or deletion. All deployments of version 1.0 are affected.
💻 Affected Systems
- Campcodes Complete Web-Based School Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including admin credential theft, data exfiltration, system takeover, and potential lateral movement to connected systems.
Likely Case
Unauthorized access to sensitive student/teacher data, grade manipulation, financial data exposure, and privilege escalation.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
SQL injection via GET parameter requires minimal technical skill to exploit. Public proof-of-concept available in GitHub references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Implement workarounds or migrate to alternative software.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to sanitize the my_index parameter before processing
Edit /model/get_admin_profile.php to add: if(!is_numeric($_GET['my_index'])) { die('Invalid input'); }
Web Application Firewall Rule
Block SQL injection patterns targeting the vulnerable endpoint
WAF rule: deny requests to /model/get_admin_profile.php containing SQL keywords in my_index parameter
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system from critical infrastructure
- Deploy a web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Test by sending a request to /model/get_admin_profile.php?my_index=1' OR '1'='1 and checking for SQL errors or unexpected responses
Check Version:
Check system documentation or admin panel for version information
Verify Fix Applied:
Repeat the same request after the fixes are in place; it should return an error or a sanitized response, with no SQL executed
📡 Detection & Monitoring
Log Indicators:
- Multiple requests to /model/get_admin_profile.php with SQL keywords in parameters
- Database error logs showing SQL syntax errors from this endpoint
Network Indicators:
- HTTP requests containing SQL injection payloads in GET parameters
- Unusual database query patterns originating from web server
SIEM Query:
source="web_logs" AND uri="/model/get_admin_profile.php" AND (param="my_index" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|--|'|;)")
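As an added example that is not part of this advisory, the SIEM query above expressed as a small Python scan over constructed access-log lines. It assumes Apache/nginx combined log format, and it percent-decodes the query string before matching so that an encoded quote (%27) is caught, which the raw regex applied to the undecoded value would miss:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pattern taken from the advisory's SIEM query, applied to the decoded my_index value.
SQLI_PATTERN = re.compile(r"(?i)(union|select|insert|update|delete|drop|--|'|;)")
TARGET_PATH = "/model/get_admin_profile.php"
TARGET_PARAM = "my_index"

# Minimal combined-log parser (assumed format): client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_my_index(uri):
    """Return the decoded my_index value when the request targets the vulnerable
    endpoint with an injection-looking value, otherwise None."""
    parts = urlsplit(uri)
    if parts.path != TARGET_PATH:
        return None
    # parse_qs percent-decodes, so %27 becomes a quote before the regex runs.
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM, [])
    for value in values:
        if SQLI_PATTERN.search(value):
            return value
    return None


def scan_log(lines):
    """Return (ip, status, decoded my_index) for every matching access-log line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        value = suspicious_my_index(m.group("uri"))
        if value is not None:
            hits.append((m.group("ip"), m.group("status"), value))
    return hits


# Constructed sample log lines; the second uses the advisory's own verification payload.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /model/get_admin_profile.php?my_index=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /model/get_admin_profile.php?my_index=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812',
    '198.51.100.4 - - [10/May/2024:12:00:03 +0000] "GET /index.php?my_index=1%27 HTTP/1.1" 200 300',
    '203.0.113.7 - - [10/May/2024:12:00:04 +0000] "GET /model/get_admin_profile.php?my_index=1%3B%20drop HTTP/1.1" 500 120',
]

if __name__ == "__main__":
    for ip, status, value in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} my_index={value!r}")
```

The third sample line carries a quote but hits a different path, so it is not reported; a 500 status alongside a hit lines up with the database-error indicator listed above.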
🔗 References
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf