CVE-2024-5896 – This critical SQL injection vulnerability in So... (How to Fix)

Q: What is the severity of CVE-2024-5896?

CVE-2024-5896 has a CVSS score of 7.3 (HIGH). This critical SQL injection vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 allows attackers to execute arbitrary SQL commands via the 'id' parameter in the save_users function. Attackers can remotely exploit this to steal, modify, or delete database contents. All deployments of version 1.0 are affected.

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 allows attackers to execute arbitrary SQL commands via the 'id' parameter in the save_users function. Attackers can remotely exploit this to steal, modify, or delete database contents. All deployments of version 1.0 are affected.

💻 Affected Systems

Products:

SourceCodester Employee and Visitor Gate Pass Logging System

Versions: 1.0

Operating Systems: All platforms running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 1.0 are vulnerable regardless of configuration.

📦 What is this software?

Employee And Visitor Gate Pass Logging System by Oretnom23

View all CVEs affecting Employee And Visitor Gate Pass Logging System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, system takeover, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized data access, credential theft, and potential data manipulation affecting employee and visitor records.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-facing instances extremely vulnerable.

🏢 Internal Only: HIGH - Even internal systems are vulnerable to insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

all

Modify /classes/Users.php to implement proper input validation and use prepared statements for SQL queries.

Edit /classes/Users.php and replace raw SQL queries with parameterized queries using PDO or mysqli prepared statements.

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules to block malicious requests.

Configure WAF rules to block SQL injection patterns in POST parameters, particularly targeting the 'id' parameter.

🧯 If You Can't Patch

Isolate the system behind a firewall with strict access controls and monitor all database queries.
Implement network segmentation to limit potential lateral movement if the system is compromised.

🔍 How to Verify

Check if Vulnerable:

Check if the system is running version 1.0 of SourceCodester Employee and Visitor Gate Pass Logging System. Review /classes/Users.php for raw SQL queries without parameterization.

Check Version:

Check system documentation or configuration files for version information. No standard command available.

Verify Fix Applied:

Test the save_users endpoint with SQL injection payloads to confirm they are properly blocked or sanitized.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts or unusual parameter values in web server logs
Unexpected database schema changes

Network Indicators:

SQL injection patterns in HTTP POST requests to /classes/Users.php?f=save
Unusual outbound database connections

SIEM Query:

source="web_server" AND uri="/classes/Users.php" AND (param="id" AND value MATCHES "[';]|UNION|SELECT|INSERT|UPDATE|DELETE|DROP|--"))

📊 Metadata

CVE ID: CVE-2024-5896

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89

Published: June 12, 2024

Last Updated: November 21, 2024

🔗 References

https://github.com/Hefei-Coffee/cve/blob/main/sql12.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.268140 Permissions Required,Third Party Advisory
https://vuldb.com/?id.268140 Third Party Advisory
https://vuldb.com/?submit.354925 Third Party Advisory
https://github.com/Hefei-Coffee/cve/blob/main/sql12.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.268140 Permissions Required,Third Party Advisory
https://vuldb.com/?id.268140 Third Party Advisory
https://vuldb.com/?submit.354925 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5896, you might also want to check these: