CVE-2024-51066
📋 TL;DR
An Insecure Direct Object Reference (IDOR) vulnerability in Phpgurukul's Beauty Parlour Management System v1.1 allows attackers to access other customers' appointment details and Personally Identifiable Information (PII) by manipulating object references. This affects all installations of the vulnerable version, potentially exposing sensitive customer data.
💻 Affected Systems
- Phpgurukul Beauty Parlour Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Mass data breach exposing all customer PII including names, contact details, appointment history, and potentially payment information, leading to identity theft, fraud, and regulatory violations.
Likely Case
Targeted data harvesting of customer information for spam, phishing, or social engineering attacks against the business and its clients.
If Mitigated
Limited exposure of non-sensitive appointment details if proper access controls and input validation are implemented.
🎯 Exploit Status
Exploitation requires at least customer-level access. Attackers manipulate appointment IDs in appointment-detail.php to access other users' data.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://phpgurukul.com
Restart Required: No
Instructions:
1. Check the vendor website for updates.
2. If a patch is available, download and apply it.
3. Test functionality after patching.
4. Monitor for any issues.
🔧 Temporary Workarounds
Implement Access Control Checks
Add server-side authorization checks in appointment-detail.php to verify that the requesting user has permission to access the requested appointment data.
Input Validation and Sanitization
Validate and sanitize all appointment ID parameters before processing, ensuring they belong to the authenticated user.
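The two workarounds above, shown together as an added example (this is not Phpgurukul's code): a minimal appointment-detail.php handler that validates the ID parameter and binds the lookup to the logged-in customer. The parameter name `appointmentid`, the session key `customer_email`, the table `tblappointment` and its column names are assumptions, not values taken from the vulnerable product.

```php
<?php
// Added example, not the vendor's code. Table, column, parameter and
// session names are assumptions chosen for illustration.
session_start();

function getAppointmentInsecure(PDO $db, int $id): ?array {
    // IDOR-prone pattern: the row is selected by ID alone, so any
    // authenticated customer can read any appointment by changing the ID.
    $st = $db->prepare('SELECT ID, ServiceName, AppointmentDate FROM tblappointment WHERE ID = ?');
    $st->execute([$id]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

function getAppointmentForCustomer(PDO $db, int $id, string $customerEmail): ?array {
    // Hardened pattern: ownership is part of the query, so a row comes back
    // only if the appointment belongs to the logged-in customer. "Not found"
    // and "not yours" both yield null, so valid IDs are not enumerable.
    $st = $db->prepare(
        'SELECT ID, ServiceName, AppointmentDate FROM tblappointment WHERE ID = ? AND Email = ?'
    );
    $st->execute([$id, $customerEmail]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Reject unauthenticated requests and malformed IDs before touching the database.
if (empty($_SESSION['customer_email'])) {
    http_response_code(401);
    exit('Login required');
}
$id = filter_input(INPUT_GET, 'appointmentid', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid appointment id');
}

$db = new PDO('mysql:host=localhost;dbname=bpms', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$row = getAppointmentForCustomer($db, $id, $_SESSION['customer_email']);
if ($row === null) {
    // Log the denial with user, ID and source IP: repeated denials from one
    // account across many IDs is the pattern the Detection section looks for.
    error_log(sprintf('appointment-detail denied user=%s id=%d ip=%s',
        $_SESSION['customer_email'], $id, $_SERVER['REMOTE_ADDR'] ?? '-'));
    http_response_code(403);
    exit('Access denied');
}
header('Content-Type: application/json');
echo json_encode($row);
```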
🧯 If You Can't Patch
- Restrict access to the application using network controls (firewalls, VPNs) to limit exposure to trusted users only.
- Implement web application firewall (WAF) rules to detect and block suspicious parameter manipulation attempts.
🔍 How to Verify
Check if Vulnerable:
Authenticate as a customer, access your appointment details, then modify the appointment ID parameter in the URL to another user's ID. If you can view another user's data, the system is vulnerable.
Check Version:
Check the system's admin panel or configuration files for version information, typically found in readme files or version.php.
Verify Fix Applied:
After implementing fixes, repeat the vulnerability check. You should receive an access denied error or be redirected when trying to access other users' appointment data.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed access attempts to appointment-detail.php with different ID parameters from the same user
- Unusual access patterns to appointment data outside normal business hours
Network Indicators:
- HTTP requests to appointment-detail.php with sequential or unusual ID parameters
- Traffic spikes to the appointment detail endpoint
SIEM Query:
source="web_logs" AND uri="/appointment-detail.php" AND status=200 | stats count by client_ip, uri, query_parameters | where count > threshold