CVE-2024-4910
📋 TL;DR
This CVE describes a critical SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0. Attackers can manipulate the 'grade' parameter in the /view/student_exam_mark_insert_form1.php file to execute arbitrary SQL commands. Organizations using this specific version of the school management system are affected.
💻 Affected Systems
- Campcodes Complete Web-Based School Management System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, or full system takeover via SQL injection to execute arbitrary commands.
Likely Case
Unauthorized access to sensitive student and administrative data, grade manipulation, or privilege escalation within the application.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or limited data exposure.
🎯 Exploit Status
Exploit details are publicly available in GitHub repositories; remote exploitation is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available, or implement workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement parameterized queries or input validation for the 'grade' parameter in the vulnerable PHP file.
Modify /view/student_exam_mark_insert_form1.php to use prepared statements with PDO or mysqli.
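The page names prepared statements with PDO or mysqli as the fix for the PHP file. The following is an added example, not code from the Campcodes product, that illustrates the same principle in Python against an in-memory SQLite table: the string-concatenated query beside its parameterized form, plus an allow-list check on the grade value as defence in depth. The table name `exam_mark`, its columns, the sample rows and the set of valid grades are assumptions; the real schema is not on the page, and the query is simplified to a lookup so the effect of a tautology payload can be observed directly.

```python
import sqlite3

# Constructed in-memory table standing in for the school system's marks table
# (table and column names are assumptions, not taken from the product).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE exam_mark (student_id INTEGER, subject TEXT, grade TEXT)")
    con.executemany(
        "INSERT INTO exam_mark VALUES (?, ?, ?)",
        [(1, "math", "A"), (2, "math", "B"), (3, "physics", "C")],
    )
    con.commit()
    return con


def lookup_vulnerable(con, grade):
    # Vulnerable pattern: the request parameter is pasted into the SQL text,
    # so quotes and keywords in it are interpreted as SQL.
    sql = "SELECT student_id FROM exam_mark WHERE grade = '" + grade + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_fixed(con, grade):
    # Prepared statement: the value travels as a bound parameter and is only
    # ever compared as data, which is what PDO/mysqli prepare() gives in PHP.
    sql = "SELECT student_id FROM exam_mark WHERE grade = ?"
    return [row[0] for row in con.execute(sql, (grade,))]


VALID_GRADES = {"A", "B", "C", "D", "E", "F"}  # assumed grading scale


def validate_grade(grade):
    # Allow-list validation on top of parameterization: a grade is one of a
    # handful of known tokens, so anything else is rejected before the query.
    g = grade.strip().upper()
    if g not in VALID_GRADES:
        raise ValueError("grade must be one of %s" % sorted(VALID_GRADES))
    return g


def demo():
    # Classic tautology payload used only to show the difference between
    # the two query styles; the fixed query returns nothing for it.
    con = make_db()
    tautology = "' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(con, tautology),
        "fixed": lookup_fixed(con, tautology),
    }


if __name__ == "__main__":
    print(demo())
```

With binding, the payload is compared as a literal string that matches no row, whereas the concatenated form turns it into a condition that is always true and returns every student. In the PHP file the equivalent change is `$mysqli->prepare(...)` with `bind_param`, or PDO `prepare()` followed by `execute()` with the grade passed as a bound value.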
Web Application Firewall (WAF) Rules
Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
Configure WAF to block requests containing SQL keywords like UNION, SELECT, INSERT targeting /view/student_exam_mark_insert_form1.php.
🧯 If You Can't Patch
- Restrict network access to the application using firewalls or network segmentation.
- Monitor logs for unusual database queries or access patterns to the vulnerable file.
🔍 How to Verify
Check if Vulnerable:
Check if the file /view/student_exam_mark_insert_form1.php exists and is accessible in version 1.0 installations.
Check Version:
Check application version in admin panel or configuration files; no standard command available.
Verify Fix Applied:
Test the 'grade' parameter with SQL injection payloads; if fixed, it should reject or sanitize input without executing SQL.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- HTTP requests to /view/student_exam_mark_insert_form1.php with SQL keywords in parameters
Network Indicators:
- HTTP traffic to the vulnerable endpoint with suspicious parameter values
SIEM Query:
source="web_logs" AND uri="/view/student_exam_mark_insert_form1.php" AND (param="grade" AND value MATCH "(?i)(union|select|insert|delete|update|or|and)")
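To turn the log indicators and SIEM query above into something that runs offline, here is an added Python example (not from the page, the vendor or any SIEM product) that parses constructed common-format access log lines, keeps only requests to the vulnerable path, decodes the `grade` parameter and checks it against the page's keyword list. It adds word boundaries to the pattern, because the bare `or|and` alternatives in the SIEM query also fire inside ordinary values such as `Poor`; the log layout, client addresses and request lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/view/student_exam_mark_insert_form1.php"

# Keyword list taken from the page's SIEM query. NAIVE mirrors that query
# (no word boundaries); BOUNDED adds \b so "or"/"and" only match whole words.
NAIVE = re.compile(r"(?i)(union|select|insert|delete|update|or|and)")
BOUNDED = re.compile(r"(?i)\b(union|select|insert|delete|update|or|and)\b")

# Common log format: client - - [timestamp] "METHOD URI PROTO" status bytes
# (field layout is an assumption about the web server's access log).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one benign request, one injection attempt, one value
# that trips the unbounded pattern, one request to an unrelated path.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:10:01:02 +0000] "GET /view/student_exam_mark_insert_form1.php?grade=A&id=12 HTTP/1.1" 200 512
198.51.100.7 - - [10/May/2024:10:02:10 +0000] "GET /view/student_exam_mark_insert_form1.php?grade=A%27+UNION+SELECT+1%2C2%2C3--+&id=12 HTTP/1.1" 200 2048
203.0.113.9 - - [10/May/2024:10:03:00 +0000] "GET /view/student_exam_mark_insert_form1.php?grade=Poor&id=13 HTTP/1.1" 200 512
203.0.113.5 - - [10/May/2024:10:04:00 +0000] "GET /view/index.php?grade=A%27+OR+1%3D1 HTTP/1.1" 200 300
"""


def sql_keywords(value, pattern=BOUNDED):
    """Distinct SQL keywords found in a parameter value, lowercased and sorted."""
    return sorted({m.group(1).lower() for m in pattern.finditer(value)})


def parse_line(line):
    """Split one access-log line into client, timestamp, path, decoded params, status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    # parse_qs percent-decodes and turns '+' into spaces, so the check below
    # sees the value the PHP script would see.
    params = parse_qs(parts.query, keep_blank_values=True)
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": parts.path,
        "params": params,
        "status": m.group("status"),
    }


def scan_log(text):
    """Return one alert per grade value at the vulnerable path that carries SQL keywords."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != VULN_PATH:
            continue
        for grade in rec["params"].get("grade", []):
            kws = sql_keywords(grade)
            if kws:
                alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                               "grade": grade, "keywords": kws})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Only the second sample line produces an alert; `Poor` is left alone by the bounded pattern but would be flagged by the page's unbounded one. If the form submits the grade in a POST body rather than the query string, a plain access log will not contain it, and the same check has to run over a WAF or reverse-proxy audit log that records request bodies.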
🔗 References
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf
- https://vuldb.com/?ctiid.264445
- https://vuldb.com/?id.264445
- https://vuldb.com/?submit.333296