CVE-2024-5065

7.3 HIGH

📋 TL;DR

This high-severity SQL injection vulnerability in PHPGurukul Online Course Registration System 3.1 allows remote attackers to execute arbitrary SQL commands via the 'regno' parameter. Because the affected endpoint requires no login, unauthenticated attackers can potentially read, modify, or delete database content. All systems running the vulnerable version are affected.

💻 Affected Systems

Products:
  • PHPGurukul Online Course Registration System
Versions: 3.1
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution if database functions allow it.

🟠 Likely Case: Unauthorized data access, data exfiltration, and potential authentication bypass leading to system compromise.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and WAF protection blocking malicious SQL patterns.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making this easily exploitable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries in the affected code or migrating to a supported alternative.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)
  • Implement strict input validation for the 'regno' parameter so that it only accepts expected formats

Web Application Firewall Rules (applies to: all)
  • Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint
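The two mitigations above (format validation of 'regno' plus parameterized queries) as an added PHP example; this is not PHPGurukul's code, and the table name, column name, connection details and registration-number format are assumptions, since the page does not show the vulnerable source.

```php
<?php
// Added example, not the project's own code. It contrasts the injectable
// pattern (untrusted 'regno' concatenated into SQL) with a hardened lookup.

// Constructed connection and schema; the real ones are not on this page.
$pdo = new PDO('mysql:host=127.0.0.1;dbname=course_db', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Injectable pattern: the request value becomes part of the SQL text.
function findStudentUnsafe(PDO $pdo, string $regno): ?array
{
    $sql = "SELECT * FROM students WHERE RegNo = '$regno'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: allow-list the expected format first, then bind the value so it
// is sent to the database as data and never parsed as SQL.
function findStudentSafe(PDO $pdo, string $regno): ?array
{
    // Assumed format: 4 to 20 alphanumeric characters; adjust to the real scheme.
    if (!preg_match('/^[A-Za-z0-9]{4,20}$/', $regno)) {
        http_response_code(400);
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM students WHERE RegNo = :regno');
    $stmt->execute([':regno' => $regno]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Request handling: only the hardened path is reachable.
$regno   = $_GET['regno'] ?? '';
$student = findStudentSafe($pdo, $regno);
```

The regex check rejects the malformed input before any query is built, and the bound parameter means a value that slips through is still treated as a literal, not as SQL.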

🧯 If You Can't Patch

  • Isolate the system behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Test the /onlinecourse/ endpoint with SQL injection payloads in the 'regno' parameter and observe database errors or unexpected responses.

Check Version:

Check the system documentation or configuration files for version information, typically found in readme files or admin panels.

Verify Fix Applied:

After implementing fixes, test with the same SQL injection payloads to ensure they are properly rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL patterns
  • Unexpected database queries from application user

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in the 'regno' parameter
  • Unusual database connection patterns from application server

SIEM Query:

source="web_logs" AND (url="/onlinecourse/" AND (param="regno" AND value MATCHES "(?i)(SELECT|UNION|INSERT|DELETE|UPDATE|DROP|OR|AND)"))
