CVE-2024-5357 – This critical SQL injection vulnerability in PH... (How to Fix)

Q: What is the severity of CVE-2024-5357?

CVE-2024-5357 has a CVSS score of 7.3 (HIGH). This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers to manipulate database queries through the email parameter in the forgot password functionality. Remote attackers can potentially access, modify, or delete database contents. All users running version 2.1 are affected.

📋 TL;DR

This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers to manipulate database queries through the email parameter in the forgot password functionality. Remote attackers can potentially access, modify, or delete database contents. All users running version 2.1 are affected.

💻 Affected Systems

Products:

PHPGurukul Zoo Management System

Versions: 2.1

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default installation of version 2.1.

📦 What is this software?

Zoo Management System by Phpgurukul

View all CVEs affecting Zoo Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, authentication bypass, privilege escalation, or system takeover.

🟠

Likely Case

Unauthorized data access, credential theft, and potential administrative access to the system.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting query execution.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available, making this easily exploitable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement proper input validation and parameterized queries for the email parameter in forgot-password.php

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns targeting the forgot password endpoint

🧯 If You Can't Patch

Restrict access to /admin/forgot-password.php using network controls or authentication
Implement database user with minimal privileges for the application

🔍 How to Verify

Check if Vulnerable:

Test the /admin/forgot-password.php endpoint with SQL injection payloads in the email parameter

Check Version:

Check system documentation or configuration files for version information

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and proper input validation is implemented

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in application logs
Multiple failed password reset attempts with suspicious email patterns

Network Indicators:

SQL injection patterns in HTTP POST requests to /admin/forgot-password.php

SIEM Query:

web_requests WHERE url_path CONTAINS '/admin/forgot-password.php' AND (request_body CONTAINS 'UNION' OR request_body CONTAINS 'SELECT' OR request_body CONTAINS 'OR 1=1')

📊 Metadata

CVE ID: CVE-2024-5357

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89

Published: May 26, 2024

Last Updated: February 21, 2025

🔗 References

https://vuldb.com/?ctiid.266269 Permissions Required,VDB Entry
https://vuldb.com/?id.266269 Permissions Required,VDB Entry
https://vuldb.com/?submit.343372 Third Party Advisory,VDB Entry
https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wzxsew2dfb84l3lo Broken Link
https://vuldb.com/?ctiid.266269 Permissions Required,VDB Entry
https://vuldb.com/?id.266269 Permissions Required,VDB Entry
https://vuldb.com/?submit.343372 Third Party Advisory,VDB Entry
https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wzxsew2dfb84l3lo Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5357, you might also want to check these: