CVE-2024-6745

7.3 HIGH

📋 TL;DR

This SQL injection vulnerability (CVSS 7.3, High) in Simple Ticket Booking 1.0 lets a remote, unauthenticated attacker inject arbitrary SQL through the email and password fields of the admin login form handled by adminauthenticate.php. Because the submitted values are placed directly into the login query, an attacker can bypass admin authentication, read or modify database contents, and from there compromise the rest of the application. All installations of Simple Ticket Booking 1.0 that ship the vulnerable adminauthenticate.php are affected.

💻 Affected Systems

Products:
  • Simple Ticket Booking
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin login component specifically. The vulnerability is in adminauthenticate.php file.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, authentication bypass and privilege escalation. Remote code execution is possible only if the database account the application uses has extra privileges (for example file-write or command-execution functions), so the worst case depends on how that account was provisioned.

🟠

Likely Case

Authentication bypass allowing unauthorized admin access, data exfiltration of user information and booking data, and potential database manipulation.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection, though other vulnerabilities might still exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. SQL injection through login fields is straightforward for attackers with basic SQL knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch is known. Rewrite the login query in adminauthenticate.php to use prepared statements with bound parameters (mysqli or PDO in PHP) instead of concatenating the submitted email and password into the SQL string; input filtering alone is not a substitute. If the project is no longer maintained, consider migrating to supported software.
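The following is an added illustration, not code from Simple Ticket Booking or its author. It uses Python with an in-memory SQLite table as a stand-in for the application's PHP/MySQL login query; the table name, columns and credentials are constructed for the example. It shows why concatenation lets a tautology payload log in as admin and why a bound-parameter query does not (password hashing is out of scope here and deliberately omitted):

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's admin table (not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    conn.execute("INSERT INTO admin (email, password) VALUES ('admin@example.com', 'S3cret!')")
    conn.commit()
    return conn


def login_vulnerable(conn, email, password):
    """Mirrors the vulnerable pattern: user input is spliced straight into the SQL text.

    A quote in the input ends the literal, so the attacker controls the rest of the
    WHERE clause; '-- ' comments out the password check entirely.
    """
    sql = ("SELECT id FROM admin WHERE email='" + email
           + "' AND password='" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, email, password):
    """Bound parameters: values travel separately from the SQL text, so quotes,
    comment markers and keywords in the input are compared as data, never parsed."""
    sql = "SELECT id FROM admin WHERE email=? AND password=?"
    return conn.execute(sql, (email, password)).fetchone() is not None


# Classic payloads against the email field; the password value is irrelevant to them.
TAUTOLOGY = "' OR '1'='1' -- "      # email='' OR '1'='1' -- ' AND password='...'
KNOWN_USER = "admin@example.com' -- "  # email='admin@example.com' -- ' AND password='...'


def demo():
    """Return the outcome of each login attempt against both implementations."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "admin@example.com", "S3cret!"),
        "vuln_wrong_pw": login_vulnerable(conn, "admin@example.com", "wrong"),
        "vuln_tautology": login_vulnerable(conn, TAUTOLOGY, "anything"),
        "vuln_known_user": login_vulnerable(conn, KNOWN_USER, "anything"),
        "fixed_valid": login_fixed(conn, "admin@example.com", "S3cret!"),
        "fixed_tautology": login_fixed(conn, TAUTOLOGY, "anything"),
        "fixed_known_user": login_fixed(conn, KNOWN_USER, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} -> {'LOGGED IN' if ok else 'rejected'}")
```

The `-- ` payloads keep a trailing space because MySQL only treats `--` as a comment when whitespace follows it; SQLite accepts either form, so the same strings exercise both engines.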

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Add server-side validation for the email field (reject anything that is not a syntactically valid address) and length limits on both fields before they reach the query. This narrows the attack surface but does not make concatenated SQL safe; treat it as a stopgap until the query is parameterized.

Web Application Firewall (WAF)

Platform: all

Deploy WAF rules that block SQL injection patterns in POST requests to adminauthenticate.php. Make sure the rules inspect the URL-decoded form body, since payloads arrive encoded (for example `%27` for a single quote).

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input filtering
  • Restrict access to adminauthenticate.php to trusted source addresses or a VPN, since only administrators need it
  • Run the application with a least-privilege database account (read/write on its own tables only, no file or administrative privileges) so a successful injection cannot be escalated
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Check whether adminauthenticate.php builds the login query by concatenating the submitted email and password (for example $_POST values interpolated into a string passed to a query function) rather than binding them as parameters. Then confirm behaviourally on a test instance: submitting a lone single quote in the email field should produce a database error or otherwise altered behaviour if the query is concatenated, and a tautology payload such as `' OR '1'='1' -- ` should not log you in once the fix is in place.

Check Version:

Check software version in documentation or configuration files. No standard command available.

Verify Fix Applied:

Verify that parameterized queries or prepared statements are used in adminauthenticate.php. Test with SQL injection payloads to confirm they're blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts with SQL syntax in parameters
  • Successful admin logins from unusual IP addresses

Network Indicators:

  • HTTP POST requests to adminauthenticate.php containing SQL keywords like UNION, SELECT, OR 1=1

SIEM Query:

source="web_logs" AND uri="*adminauthenticate.php*" AND (request_body="*UNION*" OR request_body="*SELECT*" OR request_body="*OR 1=1*")

Note: form bodies are URL-encoded on the wire (`' OR 1=1` arrives as `%27+OR+1%3D1`), so this query only matches if the log source stores the decoded body; the bare `*SELECT*` wildcard also fires on ordinary words such as "selection". Most web servers do not log POST bodies by default, so this field usually comes from a WAF, reverse proxy or application log.
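An added example of the same detection logic run offline over constructed log lines (not the project's code, and not a real log format): it URL-decodes each form body first, matches patterns on the decoded parameter values with word boundaries, and restricts itself to POSTs to adminauthenticate.php. The log line format, IP addresses and payloads are all made up for the demonstration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines in a made-up "key=value" format. A body field like this
# only exists if a WAF, proxy or the application itself records request bodies.
SAMPLE_LOGS = [
    "2024-07-15T10:22:01Z 203.0.113.7 POST /adminauthenticate.php 302 body=email=admin%40example.com&password=S3cret%21",
    "2024-07-15T10:22:09Z 198.51.100.4 POST /adminauthenticate.php 302 body=email=%27+OR+%271%27%3D%271%27+--+&password=x",
    "2024-07-15T10:22:15Z 198.51.100.4 POST /adminauthenticate.php 200 body=email=a%40b.com&password=%27+UNION+SELECT+1%2C2%2C3--+",
    "2024-07-15T10:23:40Z 192.0.2.9 POST /adminauthenticate.php 302 body=email=sel%40example.com&password=selection1",
    "2024-07-15T10:24:02Z 192.0.2.9 GET /index.php 200 body=",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d+) body=(?P<body>.*)$"
)

# Patterns are applied to the *decoded* values. Word boundaries stop "selection"
# or "author" from matching the way a raw *SELECT* / *OR* wildcard would.
SQLI_PATTERNS = {
    "tautology":   re.compile(r"\bor\b\s*['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?", re.I),
    "union":       re.compile(r"\bunion\b(\s+all)?\s+\bselect\b", re.I),
    "comment":     re.compile(r"--(\s|$)|/\*"),
    "quote_break": re.compile(r"'\s*(or|and)\s*'", re.I),
}


def decode_body(body):
    """URL-decode a form body into {field: value}; parse_qs handles '+' and %XX."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def find_sqli(fields):
    """Return [(field, pattern_name), ...] for every decoded value that looks like SQLi."""
    hits = []
    for field, value in fields.items():
        for name, pattern in SQLI_PATTERNS.items():
            if pattern.search(value):
                hits.append((field, name))
    return hits


def scan(lines, uri_fragment="adminauthenticate.php"):
    """Alert on POSTs to the vulnerable script whose decoded body matches a pattern."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or uri_fragment not in m["uri"]:
            continue
        hits = find_sqli(decode_body(m["body"]))
        if hits:
            alerts.append({"ts": m["ts"], "ip": m["ip"],
                           "status": int(m["status"]), "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

A 302 on a flagged request is the more worrying case, since in this application a redirect after login is what a successful authentication bypass would look like; correlate it with the "successful admin logins from unusual IP addresses" indicator above.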
