CVE-2024-34929
📋 TL;DR
This SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands through the my_index parameter in the find_friends.php file. This can lead to unauthorized data access, modification, or deletion. All deployments of version 1.0 are affected.
💻 Affected Systems
- Campcodes Complete Web-Based School Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise, including exfiltration of student and teacher records, authentication bypass, and (only where the application's database account holds file-write privileges such as MySQL FILE and the web root is writable) arbitrary file write leading to remote code execution and system takeover.
Likely Case
Data theft of sensitive information (student records, grades, personal data), privilege escalation, and potential lateral movement within the system.
If Mitigated
Limited impact: parameterized queries remove the injection entirely, an input allow-list blocks the known payloads, and network segmentation plus a least-privilege database account limit what a successful injection can reach.
🎯 Exploit Status
SQL injection via GET parameter requires minimal technical skill. Public proof-of-concept available in GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Implement workarounds or migrate to alternative software.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation that rejects the request unless my_index matches the expected format before it is used in any query.
Modify /view/find_friends.php to validate my_index, for example with preg_match('/^[a-zA-Z0-9]+$/', $_GET['my_index']) and exit on failure. Treat this as a stopgap: the durable fix is to pass my_index as a bound parameter to a prepared statement (PDO or mysqli) instead of concatenating it into the SQL string.
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns in the my_index parameter.
Add a WAF rule that denies requests to /view/find_friends.php whose my_index value contains quote characters, SQL comment sequences (--, #, /*) or SQL keywords (UNION, SELECT, INSERT, etc.). Apply the rule to the URL-decoded value, because payloads arrive percent-encoded (1%27%20OR%20%271%27%3D%271). Keyword blocklists are bypassable with case changes, inline comments and alternative encodings, and produce false positives, so use them only alongside the server-side fix.
🧯 If You Can't Patch
- Isolate the system behind a reverse proxy with strict input validation
- Implement network segmentation to restrict database access from web servers
🔍 How to Verify
Check if Vulnerable:
Test by sending the payload /view/find_friends.php?my_index=1' OR '1'='1 (URL-encoded: my_index=1%27%20OR%20%271%27%3D%271) and checking for SQL errors or unexpected results. A more reliable check is a boolean pair: compare the response for my_index=1' AND '1'='1 against my_index=1' AND '1'='2; a vulnerable page returns different content for the two, while a fixed page treats both as a literal, non-matching value.
Check Version:
Check system version in admin panel or readme files
Verify Fix Applied:
Attempt SQL injection payloads and verify they are rejected or sanitized without database errors
📡 Detection & Monitoring
Log Indicators:
- SQL error messages in the PHP or application error log, and HTTP 500 responses for /view/find_friends.php in the web server access log
- Multiple requests with SQL keywords in my_index parameter
- Requests to find_friends.php with suspicious payloads
Network Indicators:
- HTTP requests containing SQL injection patterns in query strings
- Unusual database query patterns from web server IP
SIEM Query:
source="web_logs" AND uri="/view/find_friends.php" AND (query="*UNION*" OR query="*SELECT*" OR query="*OR '1'='1*")
Note that access logs usually store the query string percent-encoded, so either URL-decode the query field before matching or also match the encoded forms (for example query="*%27*" OR query="*%20OR%20*"), and make the keyword match case-insensitive.
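The SIEM query above is easy to state but its false positives and encoding problems only show up against real log lines. The following is an added example, not part of the original advisory or the Campcodes project, that applies the same detection logic offline to a few constructed Apache combined-format lines: it URL-decodes the my_index value the way PHP's $_GET would, checks it against the advisory's alphanumeric allow-list, matches quote and comment characters and SQL keywords on word boundaries (so a legitimate value such as "selectors" is not flagged), and treats an HTTP 500 on the endpoint as a possible SQL error. The log lines, IP addresses and timestamps are constructed sample data.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic). Two sources probe
# find_friends.php; one legitimate value happens to contain "select".
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:10:01:02 +0000] "GET /view/find_friends.php?my_index=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:10:01:09 +0000] "GET /view/find_friends.php?my_index=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2024:10:02:15 +0000] "GET /view/find_friends.php?my_index=1+UNION+SELECT+1,2,3,4-- HTTP/1.1" 500 512 "-" "sqlmap/1.8"
198.51.100.7 - - [10/May/2024:10:02:20 +0000] "GET /view/find_friends.php?my_index=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "sqlmap/1.8"
192.0.2.9 - - [10/May/2024:10:03:00 +0000] "GET /view/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:10:04:00 +0000] "GET /view/find_friends.php?my_index=selectors HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Apache combined format: client IP, identd, user, [timestamp], "METHOD TARGET PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/view/find_friends.php"

# The advisory's workaround allow-list: my_index must be purely alphanumeric.
ALLOWED_RE = re.compile(r"^[a-zA-Z0-9]+$")

# Injection indicators on the decoded value. Keywords use word boundaries so
# that "selectors" or "android" do not match "select" / "and".
SQLI_RE = re.compile(
    r"""(?:'|"|--|#|/\*)"""
    r"|\b(?:union|select|insert|update|delete|drop|sleep|benchmark|or|and)\b",
    re.IGNORECASE,
)


def extract_my_index(target):
    """Return the decoded my_index value for requests to the vulnerable page, else None.

    parse_qs decodes percent-escapes and '+' once, which is what PHP's $_GET sees.
    """
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("my_index")
    return values[0] if values else None


def scan_log(text):
    """Return one finding per suspicious request to find_friends.php."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        value = extract_my_index(m["target"])
        if value is None:
            continue
        reasons = []
        if not ALLOWED_RE.fullmatch(value):
            reasons.append("outside allow-list")
        if SQLI_RE.search(value):
            reasons.append("sqli pattern")
        if m["status"] == "500":
            reasons.append("server error")
        # Only an injection pattern or a server error raises a finding; the
        # allow-list miss is recorded as supporting evidence.
        if "sqli pattern" in reasons or "server error" in reasons:
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "my_index": value,
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return findings


def alerts_by_source(findings):
    """Count findings per client IP, to surface the sources making repeated probes."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} my_index={h["my_index"]!r} {h["reasons"]}')
    print(alerts_by_source(hits))
```

Run against a real access log by reading the file into scan_log; the "selectors" line shows why the SIEM query's bare *SELECT* wildcard needs either word-boundary matching or a follow-up review step before alerting.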
🔗 References
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf