CVE-2024-5118

7.3 HIGH

📋 TL;DR

This high-severity (CVSS 7.3) SQL injection vulnerability in SourceCodester Event Registration System 1.0 allows attackers to manipulate database queries through the admin login page. Remote attackers can potentially bypass authentication, access sensitive data, or execute arbitrary SQL commands. Organizations running this specific event registration system are affected.

💻 Affected Systems

Products:
  • SourceCodester Event Registration System
Versions: 1.0
Operating Systems: Any OS running PHP with a database backend
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /admin/login.php file specifically. Any deployment using the vulnerable version is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database permissions allow.

🟠

Likely Case

Authentication bypass leading to unauthorized admin access, data exfiltration of user/event information, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability is in the admin login page which is typically internet-facing, allowing remote exploitation without authentication.
🏢 Internal Only: MEDIUM - If the system is only accessible internally, risk is reduced but still significant due to potential insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. SQL injection in login forms is well-understood and easily weaponized with automated tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider replacing with alternative software or implementing custom fixes with parameterized queries and input validation.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Applies to: all deployments

Deploy a WAF with SQL injection rules to block malicious payloads targeting the /admin/login.php endpoint.

Input Validation Filter

Applies to: all deployments

Add server-side input validation to sanitize username and password parameters before processing.

Example PHP:

$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
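The official-fix guidance above recommends parameterized queries, and the workaround shows escaping as a stopgap. The following is an added example, not code from the advisory or from the SourceCodester project, written in Python with an in-memory SQLite table (the `admin` table, its columns and the `Secret123` credential are all constructed for the demo). It places a login check built by string concatenation, the pattern behind this class of bug, beside a parameterized version, and shows that the `' OR '1'='1` input from the verification section succeeds against the first and fails against the second.

```python
"""Constructed demo: string-built login check vs. parameterized login check.
Schema, rows and credentials are invented for this example and do not
reflect the real application's table layout."""
import hashlib
import hmac
import sqlite3

# The payload the advisory's verification step uses in both form fields.
BYPASS = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build a throwaway admin table with one account (constructed data)."""
    conn = sqlite3.connect(":memory:")
    # 'password' is stored in clear only so the vulnerable query below can
    # mirror the insecure pattern; the safe path uses 'pw_hash'.
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT, pw_hash TEXT)")
    conn.execute(
        "INSERT INTO admin VALUES (?, ?, ?)",
        ("admin", "Secret123", hashlib.sha256(b"Secret123").hexdigest()),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The defective pattern: user input pasted straight into the SQL text.
    Supplying BYPASS in both fields turns the WHERE clause into
    username = '' OR '1'='1' AND password = '' OR '1'='1', which is always true."""
    sql = (
        "SELECT username FROM admin WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized lookup: the driver binds the value, so quotes and SQL
    keywords in the input are data, never query syntax. The password is
    compared as a hash in constant time rather than inside the query."""
    row = conn.execute(
        "SELECT pw_hash FROM admin WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    supplied = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(row[0], supplied)


def demo() -> dict:
    """Run both checks against valid credentials and against the bypass input."""
    conn = make_db()
    return {
        "vulnerable_valid": login_vulnerable(conn, "admin", "Secret123"),
        "vulnerable_bypass": login_vulnerable(conn, BYPASS, BYPASS),
        "safe_valid": login_safe(conn, "admin", "Secret123"),
        "safe_bypass": login_safe(conn, BYPASS, BYPASS),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'login granted' if result else 'login denied'}")
```

The same change applies directly to the PHP code path: replace query strings assembled from `$_POST` values with `mysqli_prepare`/`bind_param` (or PDO prepared statements), and compare passwords against a stored hash outside the query. Note that sha256 is used here only to keep the demo short; a real deployment should use a slow, salted password hash.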

🧯 If You Can't Patch

  • Isolate the system behind a VPN or restrict access to trusted IP addresses only
  • Implement strong monitoring and alerting for suspicious login attempts and SQL error patterns

🔍 How to Verify

Check if Vulnerable:

Test the /admin/login.php endpoint with SQL injection payloads like ' OR '1'='1 in username/password fields and observe if authentication bypass occurs.

Check Version:

Check the software version in the application interface or review source code files for version indicators.

Verify Fix Applied:

Attempt the same SQL injection tests after implementing fixes; successful authentication should be blocked and proper error handling should be in place.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL-like patterns
  • Successful admin logins from unusual IP addresses

Network Indicators:

  • HTTP POST requests to /admin/login.php containing SQL keywords (UNION, SELECT, OR, etc.)
  • Abnormal traffic patterns to the admin interface

SIEM Query:

source="web_logs" AND uri="/admin/login.php" AND (request_body CONTAINS "' OR" OR request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT")
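The SIEM query above searches the raw request body for literal strings, so it misses the same payload once it is URL-encoded (`%27+OR+%271%27%3D%271`) and fires on harmless values that merely contain "SELECT". The following is an added example, not part of the advisory, that implements the log and network indicators listed in this section over a handful of constructed events: it restricts itself to POSTs to /admin/login.php, decodes the form fields before pattern matching, and counts repeated failed logins per source IP. The event tuples, the IP addresses and the assumption that a failed login returns HTTP 200 while a successful one returns a 302 redirect are all constructed for the demo.

```python
"""Added detection example (not from the advisory): flag POST requests to
/admin/login.php whose decoded form fields contain SQL-injection patterns,
and repeated failed logins from one source IP. All events are constructed."""
import re
from collections import Counter
from urllib.parse import parse_qs

LOGIN_URI = "/admin/login.php"

# Patterns applied to each *decoded* form value. Decoding first is the
# point: a literal "' OR" search on the raw body never sees
# username=%27+OR+%271%27%3D%271.
SQLI_PATTERNS = {
    "quote-boolean": re.compile(r"'\s*(or|and)\b", re.I),       # ' OR '1'='1
    "union-select": re.compile(r"\bunion\b.*\bselect\b", re.I),  # UNION SELECT
    "trailing-comment": re.compile(r"(--|/\*|#)\s*$"),           # comment out the rest
}

# Constructed events: (source_ip, method, uri, status, raw_request_body).
# Assumption for this demo: the app answers a failed login with 200 (form
# re-rendered) and a successful login with a 302 redirect.
EVENTS = [
    ("10.0.0.5", "POST", LOGIN_URI, 302, "username=admin&password=hunter2"),
    ("203.0.113.7", "POST", LOGIN_URI, 302,
     "username=%27+OR+%271%27%3D%271&password=%27+OR+%271%27%3D%271"),
    ("203.0.113.7", "POST", LOGIN_URI, 500,
     "username=admin%27+UNION+SELECT+1%2C2--&password=x"),
    ("198.51.100.9", "POST", LOGIN_URI, 200, "username=admin&password=Selector1"),
    ("198.51.100.9", "POST", LOGIN_URI, 200, "username=admin&password=guess2"),
    ("198.51.100.9", "POST", LOGIN_URI, 200, "username=admin&password=guess3"),
    ("10.0.0.5", "GET", "/index.php", 200, ""),
]


def injected_fields(body: str) -> list:
    """Return [(field, pattern_name)] for every decoded form value that
    matches one of SQLI_PATTERNS (first matching pattern per value)."""
    hits = []
    for field, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            for name, pattern in SQLI_PATTERNS.items():
                if pattern.search(value):
                    hits.append((field, name))
                    break
    return hits


def scan(events, fail_threshold: int = 3) -> list:
    """Walk the events in order and emit alert dicts.

    - 'sqli': injection pattern in a login field; 'high' severity when the
      same request was answered with a redirect (bypass may have succeeded).
    - 'login-failures': fail_threshold failed logins from one IP.
    """
    alerts = []
    failures = Counter()
    for ip, method, uri, status, body in events:
        if method != "POST" or uri != LOGIN_URI:
            continue
        hits = injected_fields(body)
        if hits:
            severity = "high" if status == 302 else "medium"
            alerts.append({"ip": ip, "type": "sqli", "severity": severity, "hits": hits})
        if status == 200:  # assumed: login form re-rendered, i.e. a failed attempt
            failures[ip] += 1
            if failures[ip] == fail_threshold:
                alerts.append({"ip": ip, "type": "login-failures",
                               "severity": "low", "hits": []})
    return alerts


if __name__ == "__main__":
    for alert in scan(EVENTS):
        print(alert)
```

The value `Selector1` in the fourth event is there deliberately: the advisory's substring query would flag it on "SELECT", while the word-bounded `union ... select` pattern does not. Reviewing the "high" alerts first, where an injection pattern was followed by a redirect, matches the "successful admin logins from unusual IP addresses" indicator above.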
