CVE-2024-5119
📋 TL;DR
This critical SQL injection vulnerability in SourceCodester Event Registration System 1.0 allows remote attackers to execute arbitrary SQL commands via the last_id/event_id parameters in the /classes/Master.php?f=load_registration endpoint. Organizations using this specific version of the event registration system are affected, potentially exposing sensitive database information.
💻 Affected Systems
- SourceCodester Event Registration System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database functions allow it.
Likely Case
Unauthorized access to sensitive registration data, personal information exposure, and potential privilege escalation within the application.
If Mitigated
Limited information disclosure if proper input validation and WAF rules are in place.
🎯 Exploit Status
Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available, or implement workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
allImplement strict input validation and parameterized queries for the last_id and event_id parameters.
WAF Rule Implementation
allDeploy web application firewall rules to block SQL injection patterns targeting the vulnerable endpoint.
🧯 If You Can't Patch
- Isolate the vulnerable system from the internet and restrict access to internal networks only.
- Implement network segmentation and monitor all traffic to the /classes/Master.php endpoint for suspicious patterns.
🔍 How to Verify
Check if Vulnerable:
Test the /classes/Master.php?f=load_registration endpoint with SQL injection payloads in last_id or event_id parameters and observe database errors or unexpected responses.Check Version:
Check the application's version information in the admin panel or configuration files.Verify Fix Applied:
After implementing fixes, test with the same payloads to ensure they are properly sanitized or blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL syntax in URL parameters
- Multiple failed database queries from single IP
- Access to /classes/Master.php with suspicious parameter values
Network Indicators:
- HTTP requests containing SQL keywords (UNION, SELECT, etc.) in URL parameters
- Abnormal traffic patterns to the vulnerable endpoint
SIEM Query:
source="web_server" AND (url="*Master.php*" AND (param="*last_id*" OR param="*event_id*") AND (value="*UNION*" OR value="*SELECT*" OR value="*OR 1=1*"))🔗 References
- https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%202.md
- https://vuldb.com/?ctiid.265199
- https://vuldb.com/?id.265199
- https://vuldb.com/?submit.338613
- https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%202.md
- https://vuldb.com/?ctiid.265199
- https://vuldb.com/?id.265199
- https://vuldb.com/?submit.338613
