CVE-2024-6371
📋 TL;DR
This is a critical SQL injection vulnerability in Pool of Bethesda Online Reservation System 1.0 that allows remote attackers to execute arbitrary SQL commands via the rmtype_id parameter in controller.php. Attackers can potentially access, modify, or delete database content. All users of version 1.0 are affected.
💻 Affected Systems
- Pool of Bethesda Online Reservation System 1.0
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise: data theft, data destruction and authentication bypass, with remote code execution possible only where the database account has file-write or similar privileges.
Likely Case
Unauthorized data access and extraction, potentially including sensitive reservation data and user information.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
A public proof of concept is available on GitHub (see References). Exploitation via the rmtype_id parameter requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider implementing parameterized queries and input validation in controller.php.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy WAF rules that block SQL injection patterns in the rmtype_id parameter. Treat this as a stopgap only: keyword-based rules are routinely bypassed with encoding and comment tricks.
Input Validation
Add server-side validation so that rmtype_id is accepted only when it is a plain integer (or one of the known room type ids); reject anything else before it reaches the query.
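The vulnerable and fixed query patterns side by side, as an added example (Python with SQLite standing in for the PHP/MySQL application; this is not the project's code, the exact shape of the query in controller.php is assumed, and the table and column names are constructed):

```python
import re
import sqlite3

# Added example, not code from Pool of Bethesda. The table and column names
# below are constructed stand-ins; the real schema is not given on this page.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE room_types (id INTEGER PRIMARY KEY, name TEXT, rate REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO room_types VALUES (1, 'Standard', 80.0), (2, 'Deluxe', 140.0), (3, 'Suite', 260.0);
        INSERT INTO users VALUES (1, 'admin', 'hash-a'), (2, 'staff', 'hash-b');
    """)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, rmtype_id: str) -> list:
    # Vulnerable pattern (assumed shape of the controller.php bug): the request
    # parameter is concatenated straight into the SQL text, so quotes and
    # keywords in the value become part of the query.
    sql = "SELECT id, name, rate FROM room_types WHERE id = '" + rmtype_id + "'"
    return conn.execute(sql).fetchall()


def is_valid_rmtype_id(raw: str) -> bool:
    # Server-side allowlist: a room type id is a short decimal integer and
    # nothing else. Quotes, spaces, comment sequences and keywords all fail.
    return re.fullmatch(r"[0-9]{1,9}", raw.strip()) is not None


def validate_rmtype_id(raw: str) -> int:
    if not is_valid_rmtype_id(raw):
        raise ValueError("rmtype_id must be a positive integer")
    return int(raw)


def safe_lookup(conn: sqlite3.Connection, rmtype_id) -> list:
    # Parameterised query: the value is bound by the driver and never parsed
    # as SQL. An injection payload passed here is just a string matching no id.
    sql = "SELECT id, name, rate FROM room_types WHERE id = ?"
    return conn.execute(sql, (rmtype_id,)).fetchall()


def lookup_room_type(conn: sqlite3.Connection, raw: str) -> list:
    # The fixed handler: validate first, then bind. Either layer alone stops
    # this bug; together they also keep malformed input out of the query path.
    return safe_lookup(conn, validate_rmtype_id(raw))


if __name__ == "__main__":
    db = build_db()
    tautology = "1' OR '1'='1"
    union = "x' UNION SELECT id, username, password_hash FROM users -- "
    print("vulnerable, tautology:", vulnerable_lookup(db, tautology))  # every room type
    print("vulnerable, UNION:    ", vulnerable_lookup(db, union))      # rows from users
    print("parameterised:        ", safe_lookup(db, tautology))        # []
    if not is_valid_rmtype_id(tautology):
        print("validated handler:     payload rejected before the query")
    print("validated handler:    ", lookup_room_type(db, "2"))
```

The tautology payload turns the WHERE clause into an always-true condition and the UNION payload reads the users table through the same query, which is the worst-case impact listed above. The same payloads do nothing against the bound query, and the allowlist rejects them before the database is involved.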
🧯 If You Can't Patch
- Isolate the system from internet access and restrict to internal network only
- Implement strict network segmentation and monitor all database queries from the application
🔍 How to Verify
Check if Vulnerable:
Inspect controller.php and check whether the rmtype_id request parameter is concatenated into an SQL string rather than bound as a query parameter.
Check Version:
Check application version in admin panel or configuration files
Verify Fix Applied:
In a test environment, send SQL injection payloads in the rmtype_id parameter and confirm they are rejected or that the response is identical to that for a non-existent id.
📡 Detection & Monitoring
Log Indicators:
- Database error messages (syntax errors, mismatched column counts) in application or web server logs
- Bursts of requests to controller.php from one client with varying rmtype_id values, typical of automated scanners
Network Indicators:
- HTTP requests whose rmtype_id value is not a plain integer, especially ones containing quotes, comment sequences or SQL keywords
- Unusual database query patterns
SIEM Query:
web_requests WHERE url LIKE '%controller.php%' AND (params CONTAINS 'UNION' OR params CONTAINS 'SELECT' OR params CONTAINS 'OR 1=1')
Run this against the URL-decoded query string; keyword matching alone misses encoded or comment-broken payloads, so also alert on any rmtype_id value that is not a plain integer.
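The SIEM query above as executable detection logic, run over a few constructed access-log lines (added example, not from the page or the project; the /pob/ path prefix, client addresses and user agents are assumptions). It URL-decodes the parameter before matching and flags any rmtype_id that is not a plain integer, which catches payloads the keyword list alone would miss:

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed Apache combined-format lines for the demo. The "/pob/" prefix,
# addresses and user agents are assumptions, not data from a real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Jun/2024:10:00:01 +0000] "GET /pob/controller.php?action=view&rmtype_id=2 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Jun/2024:10:00:07 +0000] "GET /pob/controller.php?action=view&rmtype_id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4102 "-" "sqlmap/1.8"
203.0.113.9 - - [25/Jun/2024:10:00:09 +0000] "GET /pob/controller.php?action=view&rmtype_id=-1%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 0 "-" "sqlmap/1.8"
10.0.0.7 - - [25/Jun/2024:10:01:00 +0000] "GET /pob/index.php?page=reservations HTTP/1.1" 200 900 "-" "Mozilla/5.0"
10.0.0.8 - - [25/Jun/2024:10:01:30 +0000] "GET /pob/controller.php?action=view&rmtype_id=3 HTTP/1.1" 200 1490 "-" "Mozilla/5.0"
"""

# Client, timestamp, method, request target and status from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Named patterns applied to the decoded parameter value, mirroring the SIEM
# query's keywords plus the quote and comment characters attackers need.
PATTERNS = [
    ("union", re.compile(r"\bunion\b", re.I)),
    ("select", re.compile(r"\bselect\b", re.I)),
    ("tautology", re.compile(r"\bor\b.*=", re.I)),
    ("quote", re.compile(r"'")),
    ("comment", re.compile(r"--|/\*|#")),
]

PLAIN_ID = re.compile(r"[0-9]{1,9}")


def scan_access_log(text: str) -> list:
    """Return one finding per controller.php request whose rmtype_id is suspicious."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("controller.php"):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for raw in params.get("rmtype_id", []):
            # parse_qs already decoded once; decode again so double-encoded
            # payloads (%2527) are inspected in their final form.
            value = unquote_plus(raw)
            if PLAIN_ID.fullmatch(value):
                continue  # expected shape: a short decimal id
            reasons = ["non-numeric"] + [name for name, rx in PATTERNS if rx.search(value)]
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": m.group("status"),
                "value": value,
                "reasons": reasons,
            })
    return findings


def by_client(findings: list) -> Counter:
    """Count suspicious requests per client address, for triage ordering."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['ip']} status={h['status']} rmtype_id={h['value']!r} reasons={h['reasons']}")
    print("per client:", dict(by_client(hits)))
```

The non-numeric check is what makes this robust: both sqlmap lines are flagged even before any keyword matches, while the normal integer ids and the unrelated index.php request produce no findings.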
🔗 References
- https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_b.md
- https://vuldb.com/?ctiid.269804
- https://vuldb.com/?id.269804
- https://vuldb.com/?submit.364101