CVE-2024-5359

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers to manipulate database queries through the searchdata parameter in /admin/foreigner-search.php. Attackers can potentially read, modify, or delete database contents, and may gain unauthorized access to sensitive information. Organizations using this specific version of the software are affected.

💻 Affected Systems

Products:
  • PHPGurukul Zoo Management System
Versions: 2.1
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PHP environment with database backend (typically MySQL/MariaDB). The vulnerable file is in the admin directory but may be accessible without proper authentication controls.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data manipulation, privilege escalation, and potential remote code execution if database permissions allow.

🟠 Likely Case

Unauthorized data access and extraction of sensitive information from the database, potentially including user credentials, personal data, and system configuration.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider applying manual code fixes or migrating to alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add input validation and parameterized queries to the searchdata parameter processing

Modify /admin/foreigner-search.php to use prepared statements with parameterized queries instead of direct string concatenation

Access Restriction

all

Restrict access to the vulnerable admin directory

Add .htaccess with 'Deny from all' or equivalent web server configuration to block access to /admin/

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection rules
  • Isolate the system from internet access and restrict internal network access

🔍 How to Verify

Check if Vulnerable:

Check if /admin/foreigner-search.php exists and contains unsanitized searchdata parameter usage in SQL queries

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Test the search functionality with SQL injection payloads to confirm they are properly rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by foreigner-search.php access
  • SQL syntax errors in web server logs

Network Indicators:

  • HTTP POST requests to /admin/foreigner-search.php with SQL keywords in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/admin/foreigner-search.php" AND param="searchdata" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "OR 1=1")
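
The same detection logic as an added Python example (not part of the original advisory), for environments without a SIEM. It assumes a hypothetical JSON-lines log with the fields src, method, uri and body, as a WAF or application logger might produce; standard web server access logs do not record POST bodies, so the searchdata value has to be captured by such a source. The sample records are constructed.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/admin/foreigner-search.php"

# The three indicators from the SIEM query, matched case-insensitively on
# word boundaries and with flexible whitespace. Expect false positives on
# legitimate searches that contain the words "select" or "union".
INDICATORS = {
    "UNION": re.compile(r"\bunion\b", re.I),
    "SELECT": re.compile(r"\bselect\b", re.I),
    "OR 1=1": re.compile(r"\bor\s+1\s*=\s*1\b", re.I),
}

def searchdata_values(record):
    """URL-decoded searchdata values from the query string and the form body."""
    values = list(parse_qs(urlsplit(record["uri"]).query).get("searchdata", []))
    values += parse_qs(record.get("body", "")).get("searchdata", [])
    return values

def match_record(record):
    """Return the sorted indicator names seen in searchdata for the target page."""
    if urlsplit(record["uri"]).path != TARGET_PATH:
        return []
    hits = set()
    for value in searchdata_values(record):
        hits.update(n for n, rx in INDICATORS.items() if rx.search(value))
    return sorted(hits)

def scan(lines):
    """Return (source address, indicators) for every record that matches."""
    alerts = []
    for line in lines:
        record = json.loads(line)
        hits = match_record(record)
        if hits:
            alerts.append((record["src"], hits))
    return alerts

# Constructed sample records (documentation address ranges, hypothetical format).
SAMPLE_LOG = [
    '{"src": "192.0.2.10", "method": "POST", "uri": "/admin/foreigner-search.php", "body": "searchdata=TKT-1042&search="}',
    '{"src": "198.51.100.7", "method": "POST", "uri": "/admin/foreigner-search.php", "body": "searchdata=x%27+uNiOn+SeLeCt+1--+&search="}',
    '{"src": "198.51.100.7", "method": "GET", "uri": "/admin/foreigner-search.php?searchdata=a%27%20or%201%3D1", "body": ""}',
    '{"src": "203.0.113.5", "method": "POST", "uri": "/admin/dashboard.php", "body": "searchdata=select"}',
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG):
        print(src, hits)
```

Decoding before matching is what catches the URL-encoded and mixed-case values that a literal CONTAINS comparison on the raw request would miss.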
