Login Sign Up

CVE-2024-6418

7.3 HIGH
SQL Injection

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester Medicine Tracker System 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter during user registration. Attackers can potentially access, modify, or delete database contents. All deployments of this specific software version are affected.

💻 Affected Systems

Products:
  • SourceCodester Medicine Tracker System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the user registration endpoint specifically. No authentication required for exploitation.

📦 What is this software?

Medicine Tracker System by Oretnom23

View all CVEs affecting Medicine Tracker System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized data access, user account compromise, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. Attack requires no authentication and uses simple SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries or input validation as described in workarounds.

🔧 Temporary Workarounds

Implement Parameterized Queries

all

Replace raw SQL concatenation with prepared statements in the Users.php registration function.

Modify /classes/Users.php to use PDO or mysqli prepared statements for the register_user function

Input Validation and Sanitization

all

Add strict input validation for username parameter to reject SQL special characters.

Add validation: if(preg_match('/[\'"\;\-\#\*]/', $username)) { reject input; }

🧯 If You Can't Patch

  • Block access to /classes/Users.php?f=register_user at web application firewall or network level
  • Implement database user with minimal privileges (read-only if possible) for the application

🔍 How to Verify

Check if Vulnerable:

Test the registration endpoint with SQL injection payloads like: username=admin' OR '1'='1

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Attempt SQL injection after implementing parameterized queries - should return error or no database interaction

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple registration attempts with special characters in username

Network Indicators:

  • HTTP POST requests to /classes/Users.php containing SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/classes/Users.php" AND (param="username" AND value MATCHES "[';\-]|OR|UNION|SELECT")

📊 Metadata

CVE ID: CVE-2024-6418
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89
Published: June 30, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6418, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)