CVE-2024-4912
📋 TL;DR
This critical SQL injection vulnerability in Campcodes Online Examination System 1.0 allows attackers to manipulate database queries through the examTitle parameter in addExamExe.php. Remote attackers can potentially access, modify, or delete sensitive examination data. All deployments of version 1.0 are affected.
💻 Affected Systems
- Campcodes Online Examination System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including credential theft, data destruction, and potential remote code execution via database functions.
Likely Case
Unauthorized access to examination data, student records, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or minor data exposure.
🎯 Exploit Status
Public exploit code is available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider migrating to a maintained alternative or implementing workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement parameterized queries or prepared statements for the examTitle parameter in addExamExe.php
Modify addExamExe.php to use prepared statements: $stmt = $conn->prepare('INSERT INTO exams (title) VALUES (?)'); $stmt->bind_param('s', $examTitle);
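The workaround above, shown as an added PHP example (not the project's own code): a hypothetical vulnerable handler that splices examTitle into the query, beside a hardened version that validates the value and passes it through a mysqli prepared statement. The `exams` table, `title` column and `$conn` connection are assumptions.

```php
<?php
// Added example for illustration, not code from Campcodes Online Examination System.
// Assumes: table `exams` with column `title`, and $conn is an open mysqli connection.

declare(strict_types=1);

// Vulnerable pattern (for contrast only): the raw parameter becomes part of the SQL text,
// so a quote in examTitle changes the structure of the query.
function addExamVulnerable(mysqli $conn, string $examTitle): bool
{
    $sql = "INSERT INTO exams (title) VALUES ('$examTitle')";
    return $conn->query($sql) !== false;
}

// Allow-list validation: reject empty, over-long or unexpected-character titles.
// Returns the cleaned title, or null if the input should be refused.
function validateExamTitle(string $raw): ?string
{
    $title = trim($raw);
    if ($title === '' || mb_strlen($title) > 100) {
        return null;
    }
    // Letters, digits, spaces and a small set of punctuation; anything else is rejected.
    if (!preg_match('/^[\p{L}\p{N} .,:()\-]+$/u', $title)) {
        return null;
    }
    return $title;
}

// Hardened handler: validate first, then bind the value as data so the database
// never parses it as SQL, and never echo raw SQL errors back to the client.
function addExamSafe(mysqli $conn, string $rawTitle): bool
{
    $title = validateExamTitle($rawTitle);
    if ($title === null) {
        http_response_code(400);
        return false;
    }
    $stmt = $conn->prepare('INSERT INTO exams (title) VALUES (?)');
    if ($stmt === false) {
        error_log('prepare failed: ' . $conn->error); // log server-side only
        return false;
    }
    $stmt->bind_param('s', $title);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage inside addExamExe.php (assumes $conn is already connected):
// $ok = addExamSafe($conn, $_POST['examTitle'] ?? '');
```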
Web Application Firewall Rules
Block SQL injection patterns targeting the addExamExe.php endpoint
WAF rule to block: "examTitle.*(SELECT|UNION|INSERT|UPDATE|DELETE|DROP|ALTER)"
🧯 If You Can't Patch
- Isolate the application behind a reverse proxy with strict input validation
- Implement network segmentation and restrict database access to only necessary application components
🔍 How to Verify
Check if Vulnerable:
Test the addExamExe.php endpoint with SQL injection payloads in the examTitle parameter (e.g., examTitle=test' OR '1'='1)
Check Version:
Check application version in admin panel or readme files; system is vulnerable if version is 1.0
Verify Fix Applied:
Verify that parameterized queries are in place and that SQL injection attempts are rejected with proper error handling rather than reaching the database
📡 Detection & Monitoring
Log Indicators:
- Multiple failed SQL queries from same source
- Unusual database access patterns
- Error logs showing SQL syntax errors
Network Indicators:
- HTTP POST requests to addExamExe.php containing SQL keywords in parameters
- Unusual database port traffic from web server
SIEM Query:
source="web_logs" AND uri="/addExamExe.php" AND (param="*SELECT*" OR param="*UNION*" OR param="*INSERT*" OR param="*DROP*")
🔗 References
- https://github.com/yylmm/CVE/blob/main/Online%20Examination%20System%20With%20Timer/SQL_addExamExe.md
- https://vuldb.com/?ctiid.264447
- https://vuldb.com/?id.264447
- https://vuldb.com/?submit.333402