CVE-2024-44798

4.8 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the Bus Pass Management System's admin report page through date parameters. When an admin views the compromised report, the script executes in their browser context. This affects all installations of phpgurukul Bus Pass Management System 1.0.

💻 Affected Systems

Products:
  • phpgurukul Bus Pass Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to the vulnerable page (/admin/pass-bwdates-reports-details.php)

⚠️ Risk & Real-World Impact

🔴 Worst Case: Admin session hijacking leading to full system compromise, data theft, or malware distribution to other users.

🟠 Likely Case: Session theft allowing unauthorized admin access, data manipulation, or defacement of admin interface.

🟢 If Mitigated: Limited impact due to input validation, output encoding, or admin-only access restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access to the vulnerable page, but XSS payloads can be crafted with basic web security knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Implement workarounds or manually fix the vulnerable code by adding input validation and output encoding.

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Add server-side validation for fromdate and todate parameters and encode output to prevent script execution.

Edit /admin/pass-bwdates-reports-details.php to validate date format and use htmlspecialchars() on output
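
One way to apply the validation and encoding described above, as an added example that is not the vendor's code. It assumes the form submits dates as YYYY-MM-DD; the function names are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example, not the vendor's code. Assumption: dates arrive as YYYY-MM-DD.

/** Return $raw unchanged if it is a real calendar date in YYYY-MM-DD form, else null. */
function parse_report_date($raw): ?string
{
    if (!is_string($raw) || preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw) !== 1) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflow dates such as 2024-02-31.
    return ($dt !== false && $dt->format('Y-m-d') === $raw) ? $raw : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the report heading from request parameters (hypothetical helper). */
function report_heading(array $params): string
{
    $from = parse_report_date($params['fromdate'] ?? null);
    $to   = parse_report_date($params['todate'] ?? null);
    if ($from === null || $to === null || $from > $to) {
        return '<p>Invalid date range.</p>'; // never echo the rejected input back
    }
    // Encode even validated values so the output stays safe if validation changes.
    return '<h4>Report from ' . e($from) . ' to ' . e($to) . '</h4>';
}

// Constructed sample requests; the page would pass its own request array instead.
$samples = [
    ['fromdate' => '2024-01-01', 'todate' => '2024-01-31'],
    ['fromdate' => "<script>alert('XSS')</script>", 'todate' => '2024-01-31'],
    ['fromdate' => '2024-02-31', 'todate' => '2024-03-01'],
    ['fromdate' => ['nested'], 'todate' => '2024-01-31'],
];
foreach ($samples as $params) {
    echo report_heading($params), PHP_EOL;
}
```

Only the first sample produces a heading; the other three fall through to the fixed error message, so rejected input is never reflected into the page.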

WAF Rule Implementation

all

Deploy web application firewall rules to block XSS payloads in date parameters.

Add WAF rule: Detect and block scripts in fromdate/todate parameters

🧯 If You Can't Patch

  • Restrict admin panel access to trusted IP addresses only
  • Implement Content Security Policy (CSP) headers to block inline script execution

🔍 How to Verify

Check if Vulnerable:

Test by injecting <script>alert('XSS')</script> into the fromdate or todate parameter on the vulnerable page and check whether the script executes.

Check Version:

Check system version in admin panel or readme files

Verify Fix Applied:

After applying fixes, repeat the XSS test to confirm scripts no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual date parameter values containing script tags or JavaScript in access logs
  • Multiple failed admin login attempts followed by XSS payloads

Network Indicators:

  • HTTP requests to /admin/pass-bwdates-reports-details.php with script tags in parameters
  • Unusual outbound connections from admin sessions

SIEM Query:

source="web_logs" AND uri="/admin/pass-bwdates-reports-details.php" AND (param="fromdate" OR param="todate") AND (value="*<script>*" OR value="*javascript:*")
