CVE-2024-35354

9.8 CRITICAL

📋 TL;DR

This vulnerability allows an unauthenticated attacker to execute arbitrary SQL commands through the id parameter of the save_category handler in Diño Physics School Assistant. It affects every deployment of version 2.3 that exposes the vulnerable endpoint, potentially leading to data theft, data manipulation, or further system compromise.

💻 Affected Systems

Products:
  • Diño Physics School Assistant
Versions: 2.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation; requires access to /classes/Master.php?f=save_category endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data exfiltration, modification, or deletion; potential remote code execution if database permissions allow; full system takeover.

🟠 Likely Case

Unauthorized data access and extraction of sensitive information from the database, potentially including user credentials, personal data, or academic records.

🟢 If Mitigated

Injection attempts fail before reaching the database: the id value is validated and bound as a query parameter, so the impact is limited to noise in the logs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Error-based SQL injection, so a database error in the response tells the attacker immediately whether a payload worked; a public proof-of-concept has been published, which keeps the skill required low.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch is known at the time of writing. Contact the vendor for an updated version, or apply the workarounds below until one is available.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all platforms)

Validate the id parameter strictly before it reaches any query: accept only the form a category id can legitimately take (a positive integer) and reject everything else with a generic error, rather than trying to strip out "dangerous" characters.

Web Application Firewall Rules (applies to: all platforms)

Deploy WAF rules that block SQL injection patterns aimed at /classes/Master.php. Make sure the rules inspect the URL-decoded value of id (and the POST body, if the parameter is submitted there); treat this as a stop-gap, not a fix, since signature-based filters can be bypassed.

🧯 If You Can't Patch

  • Restrict access to /classes/Master.php endpoint using network controls or authentication
  • Implement parameterized queries or prepared statements in the application code
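The two workarounds above (validate the id, then bind it as a parameter) are easiest to see side by side. The following is an added example written for this page, not code from Diño Physics School Assistant (which is a PHP application; the database engine behind it is not stated here). It models the category lookup with an in-memory SQLite table; the table name, rows and function names are assumptions made for illustration. It shows why string-splicing leaks every row on a tautology payload and surfaces a database error on a stray quote (the error-based signal), while a bound parameter treats the same text as data and an integer check rejects it before any query runs.

```python
import re
import sqlite3

# Constructed stand-in for the application's category table. Schema, rows and
# function names are assumptions for illustration, not the product's real code.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO categories VALUES (?, ?)",
                     [(1, "Mechanics"), (2, "Optics"), (3, "Thermodynamics")])
    return conn

def lookup_vulnerable(conn, id_param):
    """The unsafe pattern: the raw request value is spliced into the SQL text."""
    sql = f"SELECT id, name FROM categories WHERE id = {id_param}"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, id_param):
    """Prepared statement only: the value is bound as data and can never become syntax."""
    return conn.execute("SELECT id, name FROM categories WHERE id = ?", (id_param,)).fetchall()

def validate_id(id_param):
    """Input validation: a category id can only be a positive integer; reject anything else."""
    if not re.fullmatch(r"[1-9][0-9]*", id_param):
        raise ValueError(f"rejected id parameter: {id_param!r}")
    return int(id_param)

def lookup_hardened(conn, id_param):
    """Both layers together: validate first, then bind."""
    return lookup_parameterized(conn, validate_id(id_param))

def demo():
    """Run a legitimate id, a tautology payload and a quote payload through each path."""
    conn = make_db()
    out = {}
    out["vuln_legit"] = lookup_vulnerable(conn, "1")
    out["vuln_tautology"] = lookup_vulnerable(conn, "1 OR 1=1")      # every row leaks
    try:
        lookup_vulnerable(conn, "1'")                                 # stray quote breaks the statement
        out["vuln_quote"] = "no error"
    except sqlite3.Error as e:
        out["vuln_quote"] = f"db error: {e}"                          # the error-based signal
    out["param_tautology"] = lookup_parameterized(conn, "1 OR 1=1")   # bound as text: matches nothing
    out["hardened_legit"] = lookup_hardened(conn, "1")
    try:
        lookup_hardened(conn, "1 OR 1=1")
        out["hardened_tautology"] = "accepted"
    except ValueError:
        out["hardened_tautology"] = "rejected"                        # never reaches the database
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

Parameter binding alone already neutralises the injection; the integer check is the second layer the workaround section asks for, and it also gives the application a clean, non-leaking error path instead of a database error message.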

🔍 How to Verify

Check if Vulnerable:

Only against systems you are authorised to test: send a malformed value (for example a stray single quote) in the id parameter of /classes/Master.php?f=save_category and compare the response with that of a normal integer id. A database error message or a changed response indicates the value reaches the query unbound; a generic "invalid id" response indicates it is validated or parameterized.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Repeat the same probes after the fix: malformed id values must be rejected with a generic application error, with no database error text in the response and no change in the data returned.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed requests to /classes/Master.php with SQL patterns

Network Indicators:

  • HTTP requests to /classes/Master.php whose id parameter is not a plain integer, or contains SQL keywords (SELECT, UNION, OR, etc.), quotes or comment sequences, including their URL-encoded forms (%27, %20, %3D)

SIEM Query:

source="web_logs" AND uri="/classes/Master.php" AND (query="*SELECT*" OR query="*UNION*" OR query="*OR 1=1*")
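Keyword matching on the raw URI, as in the query above, misses payloads that arrive percent-encoded, and the real anomaly here is simpler: id should never be anything but an integer. The following is an added example for this page, not tooling from the project. It runs that logic over a handful of constructed access-log lines (not real traffic): it parses each request, URL-decodes the query string, scopes to the save_category handler, and flags any id that is not a plain integer, listing the SQL syntax tokens found. A raw-keyword matcher in the style of the SIEM query is included only to show which lines it misses. Caveat: if the application receives id in a POST body, the value is absent from standard access logs and you need WAF or application-level logging to see it.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache combined-style); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [19/May/2024:10:01:02 +0000] "GET /classes/Master.php?f=save_category&id=12 HTTP/1.1" 200 51
10.0.0.9 - - [19/May/2024:10:01:07 +0000] "GET /classes/Master.php?f=save_category&id=12' HTTP/1.1" 500 312
10.0.0.9 - - [19/May/2024:10:01:09 +0000] "GET /classes/Master.php?f=save_category&id=12%27%20OR%201%3D1--%20- HTTP/1.1" 200 51
10.0.0.9 - - [19/May/2024:10:01:11 +0000] "GET /classes/Master.php?f=save_category&id=-1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 51
10.0.0.7 - - [19/May/2024:10:02:00 +0000] "GET /index.php?q=select%20courses HTTP/1.1" 200 1200
10.0.0.7 - - [19/May/2024:10:02:03 +0000] "GET /classes/Master.php?f=save_category HTTP/1.1" 200 51
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Tokens that have no business inside an integer id: quotes, comment markers, SQL keywords.
SQLI_HINTS = re.compile(
    r"(['\"`;]|--|/\*|\b(or|and|union|select|sleep|benchmark|extractvalue|updatexml)\b)",
    re.IGNORECASE,
)

def analyse_request(target):
    """Return (decoded_id, reasons) for one request target, or None if it is out of scope."""
    parts = urlsplit(target)
    if not parts.path.endswith("/classes/Master.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)   # percent-decodes the values
    if params.get("f") != ["save_category"] or "id" not in params:
        return None
    id_value = params["id"][0]
    reasons = []
    if not re.fullmatch(r"\d+", id_value):
        reasons.append("id is not a plain integer")
    hints = {m.group(0).lower() for m in SQLI_HINTS.finditer(id_value)}
    if hints:
        reasons.append("SQL syntax tokens: " + ", ".join(sorted(hints)))
    return id_value, reasons

def scan_log(text):
    """Return (ip, status, decoded_id, reasons) for every request that deserves an alert."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        result = analyse_request(m["target"])
        if result is None:
            continue
        id_value, reasons = result
        if reasons:
            alerts.append((m["ip"], int(m["status"]), id_value, reasons))
    return alerts

def siem_style_match(target):
    """Mimics the page's keyword query on the undecoded URI, to show its blind spot."""
    return "/classes/Master.php" in target and any(
        kw in target for kw in ("SELECT", "UNION", "OR 1=1")
    )

if __name__ == "__main__":
    for ip, status, id_value, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} id={id_value!r}: {'; '.join(reasons)}")
```

Of the three hostile lines, the raw-keyword matcher catches only the UNION SELECT request; the quote-only probe and the percent-encoded tautology slip past it, while the decoded non-integer check flags all three. A burst of such requests from one source, especially alongside HTTP 500 responses, is the pattern to alert on.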
