CVE-2024-58276
📋 TL;DR
Obi08/Enrollment System 1.0 contains an unauthenticated SQL injection vulnerability in the /get_subject.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can extract sensitive user credentials including usernames and passwords from the database. Any organization using this vulnerable enrollment system is affected.
💻 Affected Systems
- Obi08/Enrollment System
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to credential theft, data exfiltration, and potential system takeover via credential reuse or privilege escalation.
Likely Case
Extraction of user credentials from the users table, enabling unauthorized access to the enrollment system and potential lateral movement.
If Mitigated
Limited information disclosure if database contains minimal sensitive data and proper network segmentation is in place.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB and GitHub, making this easily weaponizable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: N/A
Restart Required: No
Instructions:
No official patch available. Consider migrating to a maintained alternative or implementing workarounds.
🔧 Temporary Workarounds
Input Validation and Parameterized Queries
allModify /get_subject.php to use prepared statements with parameterized queries instead of string concatenation.
Replace vulnerable SQL query with: $stmt = $conn->prepare('SELECT * FROM subjects WHERE keyword = ?'); $stmt->bind_param('s', $keyword); $stmt->execute();
Web Application Firewall (WAF)
allDeploy a WAF with SQL injection protection rules to block malicious requests.
🧯 If You Can't Patch
- Network segmentation: Isolate the enrollment system from internet access and restrict to internal networks only.
- Credential rotation: Immediately change all passwords stored in the users table and monitor for unauthorized access.
🔍 How to Verify
Check if Vulnerable:
Send a request to /get_subject.php with parameter: keyword=' UNION SELECT username,password FROM users--Check Version:
Check the software version in the application interface or configuration files.Verify Fix Applied:
Test the same payload after implementing parameterized queries; it should return an error or no data instead of credentials.📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /get_subject.php containing SQL keywords like UNION, SELECT, FROM, users
Network Indicators:
- Unusual database query patterns from web server to database
SIEM Query:
source="web_logs" AND uri="/get_subject.php" AND (keyword CONTAINS "UNION" OR keyword CONTAINS "SELECT" OR keyword CONTAINS "FROM")