CVE-2024-45918
📋 TL;DR
This SQL injection vulnerability in Fujian Kelixin Communication Command and Dispatch Platform allows attackers to execute arbitrary SQL commands via the /client/get_gis_fence.php endpoint. Systems running version 7.6.6.4391 or earlier are affected, potentially exposing sensitive data and system control.
💻 Affected Systems
- Fujian Kelixin Communication Command and Dispatch Platform
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, and full system takeover
Likely Case
Database information disclosure including user credentials, sensitive operational data, and potential lateral movement
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data
🎯 Exploit Status
Public proof-of-concept available on GitHub gist, exploitation requires minimal technical skill
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.kirisun.com/
Restart Required: No
Instructions:
Check vendor website for security updates. If patch unavailable, implement workarounds immediately.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Block SQL injection patterns targeting the /client/get_gis_fence.php endpoint
WAF-specific rules to block SQL injection patterns
Endpoint Restriction
Restrict access to the vulnerable endpoint using network controls. Note that the iptables rule below only inspects plaintext HTTP on port 80 (TLS traffic is not matched) and drops every request containing the path, legitimate or not:
iptables -A INPUT -p tcp --dport 80 -m string --string "/client/get_gis_fence.php" --algo bm -j DROP
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries in application code
- Apply principle of least privilege to database accounts and restrict network access to database server
🔍 How to Verify
Check if Vulnerable:
Test /client/get_gis_fence.php endpoint with SQL injection payloads or check version against affected range
Check Version:
Check platform version in admin interface or configuration files
Verify Fix Applied:
Test endpoint with SQL injection payloads to confirm they're blocked or sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts following SQL injection patterns
- Access to /client/get_gis_fence.php with suspicious parameters
Network Indicators:
- HTTP requests to /client/get_gis_fence.php containing SQL keywords (SELECT, UNION, etc.)
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND uri="/client/get_gis_fence.php" AND (query CONTAINS "UNION" OR query CONTAINS "SELECT" OR query CONTAINS "--")
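As an added example, not part of this advisory, the SIEM query above expressed as a stand-alone Python check over constructed access-log lines. It URL-decodes the query string before matching, so encoded payloads that a literal CONTAINS match on the raw URI would miss are still flagged. The log lines, IP addresses and the `id` parameter are constructed placeholders; the real vulnerable parameter is not named in the advisory.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET_PATH = "/client/get_gis_fence.php"

# Markers from the advisory's SIEM query (UNION, SELECT, --) plus a few common
# variants; matched case-insensitively on the URL-decoded query string.
SQLI_MARKERS = re.compile(
    r"(\bunion\b|\bselect\b|--|/\*|\bor\b\s+\d+\s*=\s*\d+|'\s*or\s*')",
    re.IGNORECASE,
)

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /client/get_gis_fence.php?id=12 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /client/get_gis_fence.php?id=12%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /client/get_gis_fence.php?id=12%27+or+%271%27%3D%271 HTTP/1.1" 200 2048
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /index.php?q=select HTTP/1.1" 200 100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one combined-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": parts.path,
            "query": unquote_plus(parts.query), "status": int(m.group("status"))}

def is_suspicious(event):
    """True when the request hits the vulnerable endpoint and its decoded
    query string carries an SQL-injection marker."""
    return (event is not None
            and event["path"] == TARGET_PATH
            and bool(SQLI_MARKERS.search(event["query"])))

def find_hits(log_text):
    """Return the parsed events that should be raised as alerts."""
    return [ev for ev in map(parse_line, log_text.splitlines()) if is_suspicious(ev)]

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} -> {TARGET_PATH}?{h["query"]}')
```

Requests to other paths are ignored even when they contain SQL keywords, which keeps the rule focused on the endpoint named in the CVE rather than on every search form on the host.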