CVE-2024-36597
📋 TL;DR
Aegon Life v1.0 Life Insurance Management System contains a SQL injection vulnerability in the client_id parameter at clientStatus.php. This allows attackers to execute arbitrary SQL commands on the database. Organizations using this specific version of the software are affected.
💻 Affected Systems
- Aegon Life Life Insurance Management System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database permissions allow.
Likely Case
Unauthorized data access, extraction of sensitive client information, and potential privilege escalation within the application.
If Mitigated
Limited to no impact with proper input validation, parameterized queries, and database permission restrictions.
🎯 Exploit Status
Public exploit code is available on Exploit-DB and GitHub. The vulnerability requires no authentication and exploitation is simple.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None found
Restart Required: No
Instructions:
No official patch available. Consider migrating to supported software or implementing workarounds.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation so that only numeric values are accepted for the client_id parameter
Modify clientStatus.php to validate the client_id parameter with is_numeric() or a similar function before it reaches the query
Web Application Firewall Rule
Block SQL injection patterns in the client_id parameter
Add a WAF rule to detect and block SQL injection patterns in POST/GET parameters
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system from sensitive networks
- Add strict database user permissions to limit potential damage from SQL injection
🔍 How to Verify
Check if Vulnerable:
Test the clientStatus.php endpoint with SQL injection payloads in the client_id parameter (e.g., client_id=1' OR '1'='1)
Check Version:
Check the software version in the admin panel or in the readme files shipped with the application
Verify Fix Applied:
Repeat the same payloads after implementing the fixes: the endpoint should return an error or no data instead of executing the injected SQL
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed parameter validation attempts
- Suspicious client_id parameter values containing SQL keywords
Network Indicators:
- HTTP requests to clientStatus.php with SQL injection patterns in parameters
- Unusual database query patterns from application server
SIEM Query:
source="web_logs" AND uri="*clientStatus.php*" AND (param="*OR*" OR param="*UNION*" OR param="*SELECT*" OR param="*--*" OR param="*'*'*'*")
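The SIEM query above reduced to offline detection logic, as an added example (not code from the advisory or the project): it applies the numeric-only rule from the workaround section to the client_id values in web-server log lines and flags anything else with a reason label. The log lines, the `SQL_TOKENS` pattern and the reason labels are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed web-server log lines for this example (not taken from the advisory).
# Line 2 carries the probe value the "How to Verify" section lists, line 3 a
# malformed id, and line 4 the same probe against an unrelated script.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /clientStatus.php?client_id=42 HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /clientStatus.php?client_id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812
203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /clientStatus.php?client_id=abc HTTP/1.1" 500 230
203.0.113.4 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?client_id=1%27 HTTP/1.1" 200 300
"""

# Request line inside the quoted part of a common-log-format record.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# The same tokens the SIEM query keys on: OR / UNION / SELECT as whole words,
# an SQL line comment, or a single quote (constructed pattern).
SQL_TOKENS = re.compile(r"\b(OR|UNION|SELECT)\b|--|'", re.IGNORECASE)

def classify_client_id(value):
    """Return None for an id the numeric-only fix would accept, else a reason label."""
    if re.fullmatch(r"\d+", value):
        return None
    if SQL_TOKENS.search(value):
        return "sql_token"
    return "non_numeric"  # letters, a negative number, an empty value: still rejected

def scan_log(text):
    """Return (line_no, decoded_client_id, reason) for suspicious clientStatus.php hits."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.lower().endswith("/clientstatus.php"):
            continue  # only the vulnerable endpoint is in scope
        # parse_qs percent-decodes once, so the check sees what PHP's $_GET would.
        for value in parse_qs(target.query, keep_blank_values=True).get("client_id", []):
            reason = classify_client_id(value)
            if reason is not None:
                hits.append((line_no, value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %d: client_id=%r flagged as %s" % hit)
```

Because the check accepts only an all-digit id, it catches evasions that keyword matching alone misses, while the reason label tells the analyst whether a hit looks like injection or just a broken client.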
🔗 References
- https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36597
- https://www.exploit-db.com/exploits/52046