CVE-2024-36673
📋 TL;DR
CVE-2024-36673 allows attackers to execute arbitrary SQL commands through the login.php page in Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0. This SQL injection vulnerability can lead to authentication bypass, data theft, or complete system compromise. All users running the vulnerable version of this software are affected.
💻 Affected Systems
- Sourcecodester Pharmacy/Medical Store Point of Sale System
📦 What is this software?
Pharmacy/Medical Store Point of Sale System by the Pharmacy/Medical Store Point of Sale System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including theft of sensitive medical/pharmacy data, authentication bypass allowing admin access, and potential remote code execution leading to full system takeover.
Likely Case
Authentication bypass allowing unauthorized access to the POS system, extraction of sensitive customer/patient data, and potential manipulation of inventory or sales records.
If Mitigated
Limited impact where proper input validation and database permissions are in place; the attacker may see only error messages or failed login attempts.
🎯 Exploit Status
SQL injection in login page requires no authentication. Simple payloads can bypass authentication or extract data.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
1. Check the Sourcecodester website for security updates.
2. If a patch is available, download and apply it.
3. Replace the vulnerable login.php with the patched version.
4. Test authentication functionality.
🔧 Temporary Workarounds
Input Validation Filter
Add input validation to login.php to sanitize the email and password parameters.
Edit login.php and add:
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
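Escaping only helps while every escaped value is also wrapped in quotes inside the query; a parameterized query removes that dependency entirely. The following is an added illustration written for this page, not the vendor's login.php: a login handler in the shape the advisory describes (request values concatenated into the SQL text) beside a hardened version using a mysqli prepared statement and password_verify(). The users table, its email and password_hash columns, and the open mysqli connection $conn are assumptions.

```php
<?php
// Added illustration for this page, not the vendor's login.php. The users
// table, its email/password_hash columns and the mysqli $conn are assumed.

// VULNERABLE pattern (the bug class the advisory describes): request values
// are concatenated into the SQL text, so a quote in the email parameter
// changes the structure of the query instead of being treated as data.
function login_vulnerable(mysqli $conn, string $email, string $password): ?array
{
    $sql = "SELECT id, email FROM users WHERE email = '$email' AND password = '$password'";
    $res = $conn->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// HARDENED: the query text is fixed and the value travels as a bound
// parameter, so the database never parses it as SQL. The password is
// verified against a stored hash in PHP rather than compared in the query.
function login_hardened(mysqli $conn, string $email, string $password): ?array
{
    $stmt = $conn->prepare("SELECT id, email, password_hash FROM users WHERE email = ? LIMIT 1");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() requires mysqlnd
    $stmt->close();
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null; // same outcome for unknown user and wrong password
    }
    unset($row['password_hash']);
    return $row;
}

// Request handling: reject malformed input before touching the database
// and return one generic failure message for any unsuccessful login.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email    = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';
    if ($password === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        http_response_code(400);
        exit('Invalid credentials');
    }
    $user = login_hardened($conn, $email, $password);
    if ($user === null) {
        http_response_code(401);
        exit('Invalid credentials');
    }
    // establish the authenticated session for $user here (session_start() assumed)
}
```

The hardened version also assumes passwords are stored as password_hash() output; plaintext password columns must be migrated before password_verify() can be used.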
Web Application Firewall
Deploy a WAF with SQL injection protection rules.
🧯 If You Can't Patch
- Isolate the system from internet access and restrict to internal network only
- Implement network segmentation and strict firewall rules limiting access to the application
🔍 How to Verify
Check if Vulnerable:
Test login.php with SQL injection payloads like: email=admin' OR '1'='1&password=anything
Check Version:
Check application files for version information or readme.txt
Verify Fix Applied:
Attempt SQL injection payloads and verify they are rejected or properly escaped
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts with SQL syntax in parameters
- Unusual database queries from web application user
- Login attempts with special characters like quotes, semicolons
Network Indicators:
- HTTP POST requests to login.php containing SQL keywords
- Unusual traffic patterns to database port from web server
SIEM Query:
source="web_logs" AND uri="/login.php" AND (message="%OR%" OR message="%UNION%" OR message="%SELECT%" OR message="%'%'%'")