CVE-2024-4919
📋 TL;DR
This is a critical SQL injection vulnerability in Campcodes Online Examination System 1.0 that allows remote attackers to execute arbitrary SQL commands via the course_name parameter in the /adminpanel/admin/query/addCourseExe.php file. Attackers can potentially read, modify, or delete database content. All users running the vulnerable version are affected.
💻 Affected Systems
- Campcodes Online Examination System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation to admin, and potential remote code execution via database functions.
Likely Case
Unauthorized data access, user credential theft, exam result manipulation, and system integrity compromise.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database user privilege restrictions.
🎯 Exploit Status
Exploit details are publicly available on GitHub. Attack requires access to the admin panel endpoint but may be combined with other vulnerabilities for full exploitation chain.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Implement parameterized queries in addCourseExe.php, validate and sanitize all user inputs, and apply proper authentication checks.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation and sanitization for the course_name parameter before processing.
Edit /adminpanel/admin/query/addCourseExe.php to add input validation
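The following is an added example, not the project's code: it shows the handler shape the Official Fix and the Input Validation workaround above describe, with the vulnerable string-concatenation pattern in a comment beside a hardened version that validates course_name and binds it as a PDO parameter. The table name `course`, the column `course_name`, the DSN, the database user, the session key `admin_id`, the environment variable and the redirect target are all assumptions; it requires PHP 8.0 or later for the `mixed` type.

```php
<?php
// Added example of a hardened addCourseExe.php; not the project's own code.
// Table `course`, column `course_name`, DSN, DB user, session key and
// redirect target are assumptions.
declare(strict_types=1);

session_start();

// Assumption: the admin panel stores the logged-in admin id in the session.
// Enforcing it here means the query endpoint cannot be hit unauthenticated.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Only accept POST so the action cannot be triggered by a crafted link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}

/**
 * Validate a course name: non-empty, bounded length, a conservative
 * allow-list of characters. Returns the trimmed value or null when rejected.
 */
function validateCourseName(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $name = trim($raw);
    if ($name === '' || mb_strlen($name) > 100) {
        return null;
    }
    // Letters, digits, spaces and a few punctuation marks only.
    if (!preg_match('/^[\p{L}\p{N} .,&()\'\-]+$/u', $name)) {
        return null;
    }
    return $name;
}

$courseName = validateCourseName($_POST['course_name'] ?? null);
if ($courseName === null) {
    http_response_code(400);
    exit('Invalid course name');
}

// The vulnerable pattern this replaces (illustrative, not quoted from the project):
//   mysqli_query($con, "INSERT INTO course (course_name) VALUES ('" . $_POST['course_name'] . "')");
// Here the value is never spliced into the SQL text.

// Assumption: connection settings come from configuration. Emulated prepares are
// disabled so the parameter travels to MySQL separately from the statement.
$pdo = new PDO(
    'mysql:host=localhost;dbname=examdb;charset=utf8mb4', // assumed DSN
    'exam_app',                                            // assumed low-privilege DB user
    getenv('EXAM_DB_PASSWORD') ?: '',                      // assumed env var
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

try {
    $stmt = $pdo->prepare('INSERT INTO course (course_name) VALUES (:course_name)');
    $stmt->execute([':course_name' => $courseName]);
} catch (PDOException $e) {
    // Log the driver message server-side; never return it to the client,
    // since verbose SQL errors are what make injection easy to confirm.
    error_log('addCourseExe insert failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not add course');
}

header('Location: ../course.php'); // assumed redirect target
exit;
```

The prepared statement is the control that actually closes the injection; the allow-list validation and the authentication check are defence in depth, and the `exam_app` user should hold only INSERT/SELECT/UPDATE on the application's tables (no FILE, no DDL) so that a residual bug elsewhere cannot reach the "worst case" above.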
Web Application Firewall Rules
Implement WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
Add WAF rule: Block requests to /adminpanel/admin/query/addCourseExe.php with SQL injection patterns in course_name parameter
🧯 If You Can't Patch
- Restrict access to /adminpanel/admin/query/addCourseExe.php using network ACLs or authentication requirements
- Implement database user privilege restrictions to limit potential damage from SQL injection
🔍 How to Verify
Check if Vulnerable:
Test the /adminpanel/admin/query/addCourseExe.php endpoint with SQL injection payloads in the course_name parameter and observe database errors or unexpected behavior.
Check Version:
Check system documentation or configuration files for version information. No standard command available.
Verify Fix Applied:
Test with SQL injection payloads after implementing fixes; the application should reject the input or handle the error cleanly, without exposing database errors.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed login attempts followed by access to vulnerable endpoint
- Unexpected database queries from application user
Network Indicators:
- HTTP POST requests to /adminpanel/admin/query/addCourseExe.php containing SQL keywords in parameters
- Unusual database traffic patterns from web server
SIEM Query:
source="web_logs" AND uri="/adminpanel/admin/query/addCourseExe.php" AND (param="course_name" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|--|#|;)")
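As an added example, not part of the advisory, the scanner below applies the same keyword pattern as the SIEM query (and the WAF rule in the workarounds section) to structured request logs. It assumes newline-delimited JSON entries with `src`, `method`, `uri` and `params` fields, which is an assumption about the log format, and the sample lines are constructed, not captured traffic.

```php
<?php
// Added example: scan structured request logs for the pattern in the SIEM query.
// Log shape ({"ts","src","method","uri","params"}) is an assumption.
declare(strict_types=1);

// Same keyword and metacharacter list as the advisory's SIEM query.
const SQLI_PATTERN = '/(union|select|insert|update|delete|drop|--|#|;)/i';
const VULN_URI     = '/adminpanel/admin/query/addCourseExe.php';

/**
 * Return the entries that target the vulnerable URI with a suspicious
 * course_name value. Each hit carries the line number, source, the
 * fragment that matched and the decoded value for triage.
 */
function scanRequestLog(string $ndjson): array
{
    $hits = [];
    foreach (explode("\n", trim($ndjson)) as $lineNo => $line) {
        $entry = json_decode($line, true);
        if (!is_array($entry) || ($entry['uri'] ?? '') !== VULN_URI) {
            continue;
        }
        $value = $entry['params']['course_name'] ?? null;
        if (!is_string($value)) {
            continue;
        }
        // Percent-decode first so an encoded quote or space does not slip past the match.
        $decoded = rawurldecode($value);
        if (preg_match(SQLI_PATTERN, $decoded, $m)) {
            $hits[] = [
                'line'    => $lineNo + 1,
                'src'     => $entry['src'] ?? 'unknown',
                'matched' => $m[1],
                'value'   => $decoded,
            ];
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic).
$sample = <<<'LOG'
{"ts":"2024-05-16T10:00:01Z","src":"10.0.0.5","method":"POST","uri":"/adminpanel/admin/query/addCourseExe.php","params":{"course_name":"Intro to Networks"}}
{"ts":"2024-05-16T10:00:07Z","src":"203.0.113.9","method":"POST","uri":"/adminpanel/admin/query/addCourseExe.php","params":{"course_name":"x' UNION SELECT 1,2,3-- "}}
{"ts":"2024-05-16T10:00:09Z","src":"203.0.113.9","method":"POST","uri":"/adminpanel/admin/query/addCourseExe.php","params":{"course_name":"x%27%3B%20DROP%20TABLE%20course"}}
{"ts":"2024-05-16T10:00:12Z","src":"10.0.0.8","method":"GET","uri":"/adminpanel/admin/course.php","params":{}}
LOG;

foreach (scanRequestLog($sample) as $hit) {
    printf("line %d  src=%s  matched=%s  value=%s\n",
        $hit['line'], $hit['src'], $hit['matched'], $hit['value']);
}
```

Expect the second and third sample lines to be reported and the first and fourth to be ignored. The keyword list is deliberately broad and will flag benign names such as "Selected Topics in Physics", so treat hits as a triage queue rather than an automatic block, and correlate by source address: repeated hits from one client against this single endpoint are the stronger signal.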
🔗 References
- https://github.com/yylmm/CVE/blob/main/Online%20Examination%20System%20With%20Timer/SQL_addCourseExe.md
- https://vuldb.com/?ctiid.264454
- https://vuldb.com/?id.264454
- https://vuldb.com/?submit.333416