CVE-2024-5103
📋 TL;DR
This is a critical SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0. Attackers can manipulate the 'grade' parameter in the /view/student_first_payment.php file to execute arbitrary SQL commands. The vulnerability affects all users of this software version and can be exploited remotely without authentication.
💻 Affected Systems
- Campcodes Complete Web-Based School Management System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution if database functions allow it.
Likely Case
Unauthorized access to sensitive student and school data, including personal information, grades, and financial records.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
Exploit details are publicly available in GitHub repositories. The vulnerability requires no authentication and has simple exploitation vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Implement parameterized queries and input validation in /view/student_first_payment.php. Replace dynamic SQL with prepared statements.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Platform: all
Deploy a WAF with SQL injection protection rules to block malicious requests.
Access Restriction
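Platform: linux
Restrict access to the /view/student_first_payment.php file using web server configuration.
# Apache: Add to .htaccess
<Files "student_first_payment.php">
    # Apache 2.4 syntax; on Apache 2.2 use "Order Deny,Allow" and "Deny from all"
    Require all denied
</Files>
# Nginx: Add to server block, before any generic "location ~ \.php" block
# (nginx uses the first regex location that matches)
location ~ /view/student_first_payment\.php {
    deny all;
}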
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system from sensitive data stores.
- Deploy database monitoring to detect unusual SQL queries and access patterns.
🔍 How to Verify
Check if Vulnerable:
Test the /view/student_first_payment.php endpoint with SQL injection payloads in the 'grade' parameter. Monitor for database errors or unexpected responses.
Check Version:
Check the software version in the admin panel or configuration files. Look for version 1.0 in the source code or documentation.
Verify Fix Applied:
Attempt SQL injection attacks against the fixed endpoint. Verify that parameterized queries are implemented and input validation rejects malicious payloads.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed login attempts following SQL injection patterns
- Requests to /view/student_first_payment.php with suspicious parameters
Network Indicators:
- HTTP requests containing SQL keywords (UNION, SELECT, INSERT) in URL parameters
- Unusual database connection patterns from web servers
SIEM Query:
source="web_logs" AND (url="*student_first_payment.php*" AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*--*"))
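The same check can be run offline over web server access logs. The script below is an added example, not part of the original advisory: it decodes the query string before matching, so percent-encoded and mixed-case forms of the tokens in the SIEM query are caught. It assumes combined-format access log lines and that 'grade' arrives in the query string; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET = "/view/student_first_payment.php"
# Tokens from the SIEM query above, plus quote and comment characters.
SQLI = re.compile(r"\b(union|select|insert)\b|--|'|\"|/\*|;", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_grade(line):
    """Return the decoded 'grade' value if it looks like SQL injection, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(TARGET):
        return None
    # parse_qs percent-decodes once; '+' becomes a space.
    for value in parse_qs(url.query, keep_blank_values=True).get("grade", []):
        if SQLI.search(value):
            return value
    return None

# Constructed sample lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jun/2024:10:00:01 +0000] '
    '"GET /view/student_first_payment.php?grade=5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2024:10:00:02 +0000] '
    '"GET /view/student_first_payment.php?grade=5%27%20uNiOn%20sElEcT%201--%20 HTTP/1.1" 200 9931',
    '203.0.113.9 - - [01/Jun/2024:10:00:03 +0000] '
    '"GET /index.php?grade=1%27 HTTP/1.1" 200 100',
]

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged line."""
    return [(l.split()[0], v) for l in lines if (v := suspicious_grade(l))]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(ip, repr(value))
```

Values sent in a POST body do not appear in access logs, so this covers query-string requests only.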
🔗 References
- https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf
- https://vuldb.com/?ctiid.265093
- https://vuldb.com/?id.265093
- https://vuldb.com/?submit.338506