CVE-2024-54842
📋 TL;DR
This SQL injection vulnerability in phpgurukul Online Nurse Hiring System v1.0 allows attackers to execute arbitrary SQL commands through the mobileno parameter in the password recovery page. Attackers can potentially access, modify, or delete database content. All systems running the vulnerable version are affected.
💻 Affected Systems
- phpgurukul Online Nurse Hiring System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the application database: theft of administrator credentials or password hashes, exfiltration or tampering of nurse and booking records, and takeover of the admin account. Remote code execution is possible only if the database account also holds file-write privileges (for example MySQL FILE with a writable web root), which a hardened deployment should not grant.
Likely Case
Unauthorized access to sensitive nurse/patient data, credential harvesting, and potential authentication bypass to gain administrative access.
If Mitigated
If the query in password-recovery.php is rewritten with a bound parameter and the mobileno input is validated, this injection point is closed. The application may still carry other, unrelated weaknesses, so treat the fix as closing one vulnerability rather than hardening the product.
🎯 Exploit Status
Public proof-of-concept exists showing exploitation via simple HTTP requests. No authentication required to access the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch is available. Rewrite the database query in /admin/password-recovery.php as a prepared statement (mysqli or PDO) with mobileno bound as a parameter instead of concatenated into the SQL string; parameterization separates data from query text, which is what stops the injection. Input validation is a useful second layer, not a substitute. Upgrade if the vendor releases a fixed version.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation so that the mobileno parameter accepts only digits of the expected length. The pattern below assumes 10-digit numbers; adjust it to your locale. Note that a PCRE `$` anchor matches before a trailing newline, so `\z` is used to reject "1234567890\n" as well.
Edit /admin/password-recovery.php to add, before the query runs: if (!preg_match('/^[0-9]{10}\z/', $_POST['mobileno'] ?? '')) { die('Invalid input'); }
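The following Python model is an added illustration, not code from phpgurukul or from this page, of why the concatenated query is injectable and why binding the value fixes it. The real application is PHP on MySQL; here an in-memory SQLite table stands in for the database, and the table and column names (tbladmin, MobileNumber) are assumptions. The validator mirrors the 10-digit workaround above and the hardened handler combines both layers.

```python
import re
import sqlite3

# Constructed stand-in for the application's admin table (SQLite in memory;
# the real app uses MySQL). Table and column names are assumptions.
def build_demo_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbladmin (ID INTEGER, UserName TEXT, MobileNumber TEXT)")
    db.execute("INSERT INTO tbladmin VALUES (1, 'admin', '9876543210')")
    return db

def lookup_vulnerable(db, mobileno):
    """The injectable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT ID, UserName FROM tbladmin WHERE MobileNumber='" + mobileno + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, mobileno):
    """The fix: the value is bound as a parameter and can never alter the query."""
    sql = "SELECT ID, UserName FROM tbladmin WHERE MobileNumber=?"
    return db.execute(sql, (mobileno,)).fetchall()

# Defence in depth: the workaround's 10-digit rule (an assumption about the locale).
MOBILE_RE = re.compile(r"[0-9]{10}")

def is_valid_mobile(value):
    # fullmatch rejects trailing newlines and any non-digit characters
    return MOBILE_RE.fullmatch(value) is not None

def recover_password(db, mobileno):
    """Hardened handler: validate first, then query with a bound parameter."""
    if not is_valid_mobile(mobileno):
        return None
    rows = lookup_parameterized(db, mobileno)
    return rows[0] if rows else None

if __name__ == "__main__":
    db = build_demo_db()
    payload = "' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(db, payload))     # returns the admin row
    print("parameterized:", lookup_parameterized(db, payload))  # returns []
    print("hardened     :", recover_password(db, payload))      # rejected before the query
```

The tautology payload returns the admin row from the concatenated query because the WHERE clause becomes `MobileNumber='' OR '1'='1'`; the same string bound as a parameter is simply compared as a literal and matches nothing.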
Web Application Firewall Rule
Block requests to the password-recovery.php endpoint whose mobileno value is not purely numeric. A positive rule of this kind is more reliable than a keyword denylist: blocking UNION, SELECT, INSERT, UPDATE, DELETE, DROP, OR and AND in POST parameters is easily bypassed with case changes, inline comments or URL encoding, and bare OR/AND will also block legitimate text on other forms.
WAF rule: deny POST requests to /admin/password-recovery.php where the URL-decoded mobileno parameter does not match ^[0-9]+$ (a keyword denylist for UNION, SELECT, INSERT, UPDATE, DELETE, DROP, OR, AND can be kept as a secondary signal for logging).
🧯 If You Can't Patch
- Block external access to /admin/password-recovery.php using firewall rules or web server configuration
- Implement network segmentation to isolate the vulnerable system from sensitive networks
🔍 How to Verify
Check if Vulnerable:
Send POST requests to /admin/password-recovery.php with mobileno set to a boolean pair such as 0000000000' OR '1'='1 and 0000000000' OR '1'='2 and compare the responses with a plain unknown number. On a vulnerable install the first behaves like a valid number (or returns a database error) while the second behaves like an unknown one; a fixed install answers all three identically.
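An added example, not part of the original page: the boolean-based differential check just described, in Python, with a stand-in for the remote page so it runs offline. The parameter name mobileno and the endpoint path come from this advisory; any other form fields the real page expects (such as a submit button name) are unknown and would need to be added to the dictionary in http_post.

```python
import sqlite3
import urllib.parse
import urllib.request

ENDPOINT = "/admin/password-recovery.php"

def http_post(base_url, timeout=10):
    """Return a sender that POSTs mobileno to a live install (assumption: the
    form needs no other fields; add them to the dict below if it does)."""
    def send(mobileno):
        data = urllib.parse.urlencode({"mobileno": mobileno}).encode()
        req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT, data=data, method="POST")
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read()
    return send

def looks_injectable(send, marker="0000000000"):
    """Boolean-based differential check.

    With a string-quoted, concatenated parameter the OR '1'='1 suffix makes the
    lookup succeed for any marker, while OR '1'='2 behaves like a plain unknown
    number. A fixed page (bound parameter or numeric validation) answers all
    three probes the same way, so the check stays negative. The marker is a
    number assumed not to exist in the database.
    """
    baseline = send(marker)
    true_case = send(marker + "' OR '1'='1")
    false_case = send(marker + "' OR '1'='2")
    return true_case != false_case and false_case == baseline

def simulated_page(parameterized):
    """Constructed stand-in for the remote page so the check can run offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbladmin (MobileNumber TEXT)")
    db.execute("INSERT INTO tbladmin VALUES ('9876543210')")
    def send(mobileno):
        try:
            if parameterized:
                rows = db.execute("SELECT 1 FROM tbladmin WHERE MobileNumber=?", (mobileno,)).fetchall()
            else:
                rows = db.execute("SELECT 1 FROM tbladmin WHERE MobileNumber='" + mobileno + "'").fetchall()
        except sqlite3.Error:
            return b"Database error"  # the 'abnormal error' indicator; also a visible difference
        return b"Password reset link sent" if rows else b"Invalid mobile number"
    return send

if __name__ == "__main__":
    print("vulnerable model:", looks_injectable(simulated_page(False)))  # True
    print("fixed model     :", looks_injectable(simulated_page(True)))   # False
    # Against an install you are authorised to test: looks_injectable(http_post("http://host"))
```

The check is deliberately non-destructive: it only reads the recovery page's response and never issues a modifying statement. Because it compares responses rather than looking for an error string, it also catches installs that suppress database errors but still build the query by concatenation.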
Check Version:
Check system documentation or admin panel footer for version information, or examine PHP files for version comments.
Verify Fix Applied:
Test with same SQL injection payloads after implementing fixes - should receive generic error message or validation failure without database errors.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed password recovery attempts from single IP
- POST requests to /admin/password-recovery.php with SQL keywords in parameters
Network Indicators:
- HTTP POST requests containing SQL injection patterns in mobileno parameter
- Abnormal database query patterns from web server
SIEM Query (requires request bodies to be logged, for example by a reverse proxy or WAF audit log; stock Apache and nginx access logs omit POST bodies. Match on the URL-decoded body, case-insensitively, or encoded payloads such as %27+OR+%271%27%3D%271 will be missed):
source="web_logs" AND uri="/admin/password-recovery.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "OR '1'='1")
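Added example (not from the original page): the log indicators above implemented in Python over a few constructed records. It assumes a reverse proxy or WAF writes JSON lines with src_ip, method, uri and body fields; that format and the 10-digit rule for legitimate numbers are assumptions. Unlike the substring query above it URL-decodes the body first, classifies the payload, and counts repeated attempts per source IP.

```python
import json
import re
import urllib.parse
from collections import Counter

TARGET_URI = "/admin/password-recovery.php"

# Constructed sample records (not real traffic). Assumed JSON-lines format from a
# reverse proxy or WAF that records request bodies; stock access logs do not.
SAMPLE_LOG = [
    '{"src_ip":"10.0.0.5","method":"POST","uri":"/admin/password-recovery.php","body":"mobileno=9876543210"}',
    '{"src_ip":"203.0.113.7","method":"POST","uri":"/admin/password-recovery.php","body":"mobileno=%27+OR+%271%27%3D%271"}',
    '{"src_ip":"203.0.113.7","method":"POST","uri":"/admin/password-recovery.php","body":"mobileno=1%27+UNION+SELECT+1%2C2%2C3--+-"}',
    '{"src_ip":"203.0.113.7","method":"GET","uri":"/admin/index.php","body":""}',
    '{"src_ip":"203.0.113.7","method":"POST","uri":"/admin/password-recovery.php","body":"mobileno=abc"}',
]

# Indicators evaluated on the URL-decoded value so encoded payloads are not missed.
SQLI_PATTERNS = [
    ("quote", re.compile(r"['\"]")),
    ("comment", re.compile(r"--|#|/\*")),
    ("tautology", re.compile(r"\b(?:or|and)\b\s*['\"]?\w*['\"]?\s*=", re.I)),
    ("union", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("time_based", re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)),
]

def classify_mobileno(value):
    """Names of the indicators matched by a decoded mobileno value ([] if benign)."""
    if re.fullmatch(r"[0-9]{10}", value):   # assumption: legitimate numbers are 10 digits
        return []
    return [name for name, pat in SQLI_PATTERNS if pat.search(value)] or ["non-numeric"]

def analyze(log_lines, burst_threshold=3):
    """Return (alerts, burst_ips): per-request SQLi alerts and IPs with repeated attempts.

    Request logs do not say whether recovery failed, so the burst count covers
    all POSTs to the endpoint from one IP; tune the threshold to your traffic.
    """
    alerts, attempts = [], Counter()
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or rec.get("uri") != TARGET_URI:
            continue
        attempts[rec["src_ip"]] += 1
        params = urllib.parse.parse_qs(rec.get("body", ""), keep_blank_values=True)
        value = params.get("mobileno", [""])[0]   # parse_qs URL-decodes for us
        indicators = classify_mobileno(value)
        if indicators:
            alerts.append({"src_ip": rec["src_ip"], "mobileno": value, "indicators": indicators})
    burst_ips = sorted(ip for ip, n in attempts.items() if n >= burst_threshold)
    return alerts, burst_ips

if __name__ == "__main__":
    found, bursts = analyze(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("repeated attempts from:", bursts)
```

On the sample records the plain numeric request from 10.0.0.5 produces no alert, the two encoded payloads from 203.0.113.7 are tagged as a quoted tautology and a UNION SELECT respectively, the bare non-numeric value is still flagged because a legitimate value can only be digits, and 203.0.113.7 crosses the three-attempt threshold.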