CVE-2024-34933
📋 TL;DR
This SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands through the admission_fee parameter in the /model/update_grade.php endpoint. This could lead to unauthorized data access, modification, or deletion. Organizations using this specific version of the school management system are affected.
💻 Affected Systems
- Campcodes Complete Web-Based School Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including sensitive student/personnel data exposure, data destruction, or full system takeover via privilege escalation.
Likely Case
Unauthorized access to student records, grade manipulation, financial data exposure, or system disruption.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
SQL injection via admission_fee parameter is straightforward to exploit with common SQLi techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Implement workarounds or replace with secure alternative software.
🔧 Temporary Workarounds
Input Validation and Parameterized Queries
allModify /model/update_grade.php to use prepared statements with parameterized queries instead of direct string concatenation.
Replace vulnerable SQL code with: $stmt = $conn->prepare('UPDATE grades SET admission_fee = ? WHERE id = ?'); $stmt->bind_param('si', $admission_fee, $id); $stmt->execute();
Web Application Firewall (WAF)
allDeploy WAF rules to block SQL injection patterns targeting the admission_fee parameter.
Configure WAF to block requests containing SQL keywords (UNION, SELECT, INSERT, etc.) in admission_fee parameter
🧯 If You Can't Patch
- Restrict network access to the application using firewall rules to only trusted IP addresses
- Implement database user with minimal privileges (read-only if possible) for the application
🔍 How to Verify
Check if Vulnerable:
Test /model/update_grade.php endpoint with SQL injection payloads in admission_fee parameter (e.g., admission_fee=1' OR '1'='1)Check Version:
Check application version in admin panel or readme filesVerify Fix Applied:
Verify that SQL injection payloads no longer execute and return appropriate error messages or are blocked📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in web server logs
- Multiple failed login attempts following SQL injection patterns
- Unexpected database queries from web application user
Network Indicators:
- HTTP requests to /model/update_grade.php with SQL keywords in parameters
- Unusual database traffic patterns from web server
SIEM Query:
source="web_server.log" AND uri="/model/update_grade.php" AND (admission_fee="*'*" OR admission_fee="*UNION*" OR admission_fee="*SELECT*")🔗 References
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf
