CVE-2024-5381

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in itsourcecode Student Information Management System 1.0 allows attackers to manipulate database queries through the studentId parameter in view.php. Remote attackers can potentially access, modify, or delete sensitive student information. All deployments of version 1.0 with the vulnerable file are affected.

💻 Affected Systems

Products:
  • itsourcecode Student Information Management System
Versions: 1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Any installation with the vulnerable view.php file is affected. The system appears to be a PHP-based web application.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, or deletion of all student records, potentially leading to authentication bypass or system takeover.

🟠 Likely Case

Unauthorized access to sensitive student information (names, addresses, grades) and potential data exfiltration or modification.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and public exploit details are available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but external threat is higher due to remote exploit capability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries or input validation in view.php, or replace with a supported version if available.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platforms: all

Add server-side validation to ensure the studentId parameter contains only the expected characters (digits) before it reaches the query.

Edit view.php to add: if(!is_numeric($_GET['studentId'])) { die('Invalid input'); }

Web Application Firewall (WAF) Rules

Platforms: all

Implement WAF rules to block SQL injection patterns targeting the studentId parameter.

Add WAF rule: Detect and block SQL keywords in the studentId parameter

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation to limit database access from the web server

🔍 How to Verify

Check if Vulnerable:

Test by accessing view.php with a malicious studentId parameter like: view.php?studentId=1' OR '1'='1

Check Version:

Check the system documentation or about page, or examine file headers for version information

Verify Fix Applied:

Test the same SQL injection attempts after implementing fixes to ensure they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed parameter validation attempts
  • Requests with SQL keywords in studentId parameter

Network Indicators:

  • Unusual database query patterns from web server
  • Large data transfers from database to external IPs

SIEM Query:

source=web_logs AND (uri="*view.php*" AND (param="*studentId=*'*" OR param="*studentId=*%27*" OR param="*studentId=*OR*"))
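The SIEM query above can be reproduced offline against raw access logs. The following Python is an added example, not part of this advisory, and goes slightly beyond the query: it URL-decodes the studentId value (including a second decode pass for double-encoded payloads such as %2527) and ignores parameters on other scripts, so "OR" in an unrelated query string does not alert. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jun/2024:10:00:01 +0000] "GET /sims/view.php?studentId=42 HTTP/1.1" 200 1532',
    '10.0.0.9 - - [01/Jun/2024:10:00:02 +0000] "GET /sims/view.php?studentId=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9810',
    '10.0.0.9 - - [01/Jun/2024:10:00:03 +0000] "GET /sims/view.php?page=2&studentId=1+or+1%3d1 HTTP/1.1" 200 9810',
    '10.0.0.9 - - [01/Jun/2024:10:00:04 +0000] "GET /sims/view.php?studentId=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 9810',
    '10.0.0.7 - - [01/Jun/2024:10:00:05 +0000] "GET /sims/index.php?q=OR HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# A legitimate studentId is a plain integer; anything else needs a closer look.
VALID_ID = re.compile(r'\d{1,10}')
# Quote and keyword patterns from the advisory's SIEM query, plus common SQLi tokens.
SQLI_HINT = re.compile(r"'|\bor\b|\bunion\b|\bselect\b|--|/\*", re.IGNORECASE)


def suspicious_student_id(line: str):
    """Return the decoded studentId when the request targets view.php with
    a non-numeric value containing SQL metacharacters, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("view.php"):
        return None  # the SIEM query only cares about view.php
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key != "studentId":
            continue
        # parse_qsl decoded one layer; a second pass exposes double-encoded payloads.
        decoded = unquote_plus(value)
        if VALID_ID.fullmatch(decoded):
            continue
        if SQLI_HINT.search(decoded):
            return decoded
    return None


def scan(lines):
    """Yield (client_ip, decoded_payload) for each suspicious request."""
    return [(ln.split()[0], hit) for ln in lines if (hit := suspicious_student_id(ln))]
```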
