CVE-2024-34987

9.1 CRITICAL

📋 TL;DR

This SQL injection vulnerability in PHPGurukul Online Fire Reporting System allows attackers to bypass authentication by injecting malicious SQL commands into the username field during login. Attackers can gain unauthorized administrative access to the system. Organizations using PHPGurukul Online Fire Reporting System 1.2 are affected.

💻 Affected Systems

Products:
  • PHPGurukul Online Fire Reporting System
Versions: 1.2
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin login page at /ofrs/admin/index.php

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to access, modify, or delete all fire reporting data, potentially install backdoors, and pivot to other systems.

🟠 Likely Case

Unauthorized administrative access leading to data theft, system manipulation, and potential privilege escalation.

🟢 If Mitigated

Limited impact with proper network segmentation, WAF protection, and monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SQL injection requiring no authentication, with public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Review vendor website for updates
2. If no patch available, implement workarounds
3. Consider replacing with alternative software

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Add parameterized queries and input validation to the login script

Modify ofrs/admin/index.php to use prepared statements with PDO or mysqli

Web Application Firewall Rules

Platform: all

Block SQL injection patterns targeting the admin login endpoint

Add WAF rule: Block requests to /ofrs/admin/index.php containing SQL keywords in username parameter

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation to limit lateral movement if compromised

🔍 How to Verify

Check if Vulnerable:

Test the login page at /ofrs/admin/index.php with SQL injection payloads in username field

Check Version:

Check system documentation or configuration files for version information

Verify Fix Applied:

Attempt SQL injection after implementing fixes and verify login fails with malicious input

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with SQL keywords in username field
  • Successful admin logins from unusual IP addresses

Network Indicators:

  • HTTP POST requests to /ofrs/admin/index.php containing SQL injection patterns

SIEM Query:

source="web_logs" AND uri="/ofrs/admin/index.php" AND (username CONTAINS "' OR" OR username CONTAINS "--" OR username CONTAINS "UNION")
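
The SIEM query above, applied to raw web logs as an added example (not code from the vendor or from this advisory). The log line layout is an assumption and the sample lines are constructed; the username is URL-decoded before matching, because the raw request carries `%27` and `+` rather than a quote and spaces.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

LOGIN_URI = "/ofrs/admin/index.php"
# The three substrings from the SIEM query, matched case-insensitively.
PATTERNS = {
    "' OR": re.compile(r"'\s*or\b", re.I),
    "--": re.compile(r"--"),
    "UNION": re.compile(r"\bunion\b", re.I),
}
# Assumed log layout: ip "METHOD uri" status username=<url-encoded value>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" '
    r'(?P<status>\d{3}) username=(?P<username>\S*)$'
)
# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 "POST /ofrs/admin/index.php" 200 username=admin
203.0.113.9 "POST /ofrs/admin/index.php" 200 username=admin%27+OR+%271%27%3D%271
203.0.113.9 "POST /ofrs/admin/index.php" 200 username=admin%27--+
198.51.100.4 "GET /ofrs/admin/index.php" 200 username=
198.51.100.5 "POST /ofrs/admin/index.php" 200 username=o%27connor
198.51.100.23 "POST /ofrs/admin/index.php" 200 username=x%27+union+select+1
"""


def suspicious_logins(log_text):
    """Return (ip, status, decoded username, matched pattern names) per flagged POST."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST" or m["uri"].split("?")[0] != LOGIN_URI:
            continue
        # Decode first: the raw line carries %27 and +, not a quote and spaces.
        username = unquote_plus(m["username"])
        matched = [name for name, rx in PATTERNS.items() if rx.search(username)]
        if matched:
            hits.append((m["ip"], int(m["status"]), username, matched))
    return hits


def repeat_sources(log_text, threshold=2):
    """Source IPs with at least `threshold` flagged attempts."""
    counts = Counter(ip for ip, *_ in suspicious_logins(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for hit in suspicious_logins(SAMPLE_LOG):
        print(hit)
    print(repeat_sources(SAMPLE_LOG))
```

The `o%27connor` line shows why the first pattern requires `or` as a whole word after the quote: a legitimate apostrophe in a name is not flagged.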
