CVE-2024-6808

7.3 HIGH

📋 TL;DR

This high-severity (CVSS 7.3) SQL injection vulnerability in itsourcecode Simple Task List 1.0 allows a remote, unauthenticated attacker to inject arbitrary SQL through the username parameter of signUp.php. Because the sign-up form is reachable before login, an attacker can read, modify or delete database contents without an account. All installations of Simple Task List 1.0 are affected.

💻 Affected Systems

Products:
  • itsourcecode Simple Task List
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the signUp.php file specifically. Any installation with this version is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: theft of every stored credential, data destruction, and, where the application's database account holds file-write privileges (for example MySQL's FILE privilege), a path to remote code execution on the database host.

🟠

Likely Case

Disclosure of database contents, theft of user credentials, and privilege escalation inside the application (for example by creating or altering an administrative account).

🟢

If Mitigated

Limited impact: parameterized queries remove the injection entirely, and a least-privilege database account (no DDL, no FILE, access only to the application's own tables) confines any residual damage to non-critical data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. SQL injection is well-understood and easily weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider replacing with alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

Platform: all

Modify signUp.php so that the INSERT uses a prepared statement with bound parameters instead of building the SQL string by concatenating the submitted username and password. Escaping helpers such as mysqli_real_escape_string() are not a substitute: binding keeps the data out of the query text altogether, so no input can change the statement's structure.

Replace the vulnerable SQL code with (mysqli shown; $conn is the existing database connection):

    $stmt = $conn->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();

If the application does not already hash passwords, bind the result of password_hash($password, PASSWORD_DEFAULT) rather than the raw value.

Web Application Firewall (WAF)

Platform: all

Deploy a WAF with SQL injection rules (for example the OWASP Core Rule Set) in front of signUp.php. Treat this as a stop-gap only: encoded or obfuscated payloads routinely bypass signature rules, and the code change above is the actual fix.

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input filtering, and restrict or disable access to signUp.php if self-registration is not required
  • Run the application's database account with least privilege (SELECT/INSERT/UPDATE on its own tables only; no DDL, no FILE) and allow database connections only from the application server

🔍 How to Verify

Check if Vulnerable:

Submit a username containing a single quote (for example o'brien) to signUp.php. A SQL syntax error in the response or application log, or an insert that fails or stores a mangled value, shows the input reaches the parser unescaped. The classic payload admin' OR '1'='1 targets a login SELECT; in this INSERT it only confirms that the quote breaks out of the string literal, so the lone-quote probe is the clearer test.

Check Version:

Check the version recorded in the download package, README or configuration files. Only 1.0 is known; treat any installation whose signUp.php still concatenates the submitted username into the INSERT statement as vulnerable regardless of the version label.

Verify Fix Applied:

Repeat the single-quote and injection tests after deploying the prepared statement: the signup must succeed with no SQL error and store the submitted string verbatim, and no SQL-injection payload should alter what is inserted.
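The vulnerable concatenation and the prepared-statement fix from the workaround section, side by side with the single-quote probe from the verification steps above, as an added Python example that is not the project's code. It models signUp.php against an in-memory SQLite table whose schema is an assumption; the exfiltration payload uses SQLite's || operator where MySQL would use CONCAT(), and the password is stored unhashed only to mirror the quoted fix.

```python
import sqlite3

# Constructed in-memory stand-in for the application's users table (an assumption
# about the schema; this is not Simple Task List's code).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
                    username TEXT NOT NULL, password TEXT NOT NULL);
INSERT INTO users (username, password) VALUES ('admin', 'admin-secret');
"""


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def signup_vulnerable(conn, username, password):
    # The pattern behind CVE-2024-6808: user input spliced into the SQL text.
    sql = ("INSERT INTO users (username, password) VALUES ('"
           + username + "', '" + password + "')")
    conn.execute(sql)
    conn.commit()


def signup_fixed(conn, username, password):
    # Prepared statement: values travel separately from the query text, so the
    # input can never change the statement's structure. (Hash passwords in
    # production; plaintext is kept here only to mirror the advisory's snippet.)
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                 (username, password))
    conn.commit()


# Closes the string literal and splices in a subquery, so the admin's stored
# password lands in the attacker's own username field, readable after login.
EXFIL_PAYLOAD = "eve' || (SELECT password FROM users WHERE username='admin') || '"


def stored_username(conn, rowid):
    return conn.execute("SELECT username FROM users WHERE id = ?",
                        (rowid,)).fetchone()[0]


def run_signup(signup):
    """Return the username actually stored for a signup with EXFIL_PAYLOAD."""
    conn = fresh_db()
    signup(conn, EXFIL_PAYLOAD, "pw")
    return stored_username(conn, 2)   # row 1 is the seeded admin account


def quote_probe_errors(signup):
    """The 'Check if Vulnerable' probe: a lone single quote should break the
    statement only when the input reaches the SQL parser unescaped."""
    conn = fresh_db()
    try:
        signup(conn, "o'brien", "pw")
    except sqlite3.DatabaseError:
        return True
    return stored_username(conn, 2) != "o'brien"


if __name__ == "__main__":
    print("vulnerable stores:", run_signup(signup_vulnerable))
    print("fixed stores:     ", run_signup(signup_fixed))
    print("probe, vulnerable:", quote_probe_errors(signup_vulnerable))
    print("probe, fixed:     ", quote_probe_errors(signup_fixed))
```

With the concatenated query the stored username becomes eveadmin-secret, i.e. the seeded admin password has been exfiltrated into a row the attacker controls; the prepared statement stores the payload string verbatim and the quote probe passes through as ordinary data.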

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors (for MySQL, "You have an error in your SQL syntax") logged or displayed during sign-up
  • Bursts of sign-up requests from one source whose username contains quotes, comment sequences (--, #, /*) or SQL keywords

Network Indicators:

  • HTTP POST requests to signUp.php whose form body contains SQL keywords (UNION, SELECT, OR, SLEEP) or quote-and-comment sequences, including their URL-encoded forms (%27 for the quote, %20 or + for spaces)

SIEM Query:

source="web_logs" AND uri="/signUp.php" AND (request_body LIKE "%UNION%" OR request_body LIKE "%SELECT%" OR request_body LIKE "%' OR '%")

This query only matches if the request body is logged (stock web-server access logs record the request line, not POST bodies; a WAF, reverse proxy or mod_security audit log is needed) and if the body is URL-decoded before matching, since the browser sends ' OR ' as %27+OR+%27. Match keywords case-insensitively and on word boundaries to avoid firing on ordinary usernames such as "selection".
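The detection logic applied to constructed log lines, as an added Python example that is not part of the advisory. It assumes a proxy or WAF that appends the POST body as body="..." to each access-log line (stock Apache and nginx logs omit it), URL-decodes the username before matching so encoded payloads such as %27 are caught, flags a lone quote only when the server answered with a 5xx (the quote-induced SQL error from the log indicators), and uses word boundaries so usernames that merely contain "select" do not fire.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample records (not real traffic). The body="..." field is an
# assumed extension of the combined log format provided by the proxy or WAF.
SAMPLE_LOGS = [
    '203.0.113.5 - - [12/Jul/2024:10:01:02 +0000] "POST /signUp.php HTTP/1.1" 302 0 body="username=alice&password=Pa55w0rd"',
    '203.0.113.9 - - [12/Jul/2024:10:01:07 +0000] "POST /signUp.php HTTP/1.1" 500 0 body="username=bob%27&password=x"',
    '198.51.100.7 - - [12/Jul/2024:10:01:09 +0000] "POST /signUp.php HTTP/1.1" 200 0 body="username=admin%27+OR+%271%27%3D%271&password=x"',
    '198.51.100.7 - - [12/Jul/2024:10:01:15 +0000] "POST /signUp.php HTTP/1.1" 200 0 body="username=x+union+select+password,2+from+users--&password=x"',
    '203.0.113.5 - - [12/Jul/2024:10:02:00 +0000] "POST /signUp.php HTTP/1.1" 302 0 body="username=selection_committee&password=pw"',
    '203.0.113.5 - - [12/Jul/2024:10:02:10 +0000] "POST /signUp.php HTTP/1.1" 302 0 body="username=o%27brien&password=pw"',
    '203.0.113.5 - - [12/Jul/2024:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 1234 body=""',
]

LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \d+ '
    r'body="(?P<body>[^"]*)"')

# Applied to the URL-decoded, lower-cased username. Word boundaries keep
# "selection" or "unionist" from matching; the quote-OR-quote pattern is the
# decoded form of the SIEM query's ' OR ' clause.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b"),
    re.compile(r"'\s*or\s*'"),
    re.compile(r"'\s*or\s+\d+\s*=\s*\d+"),
    re.compile(r"(?:--|#|/\*)"),
    re.compile(r"\b(?:sleep|benchmark)\s*\("),
]


def parse_line(line):
    """Extract method, path, status and decoded form fields; None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    params = {}
    for pair in m.group("body").split("&"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            params[unquote_plus(key)] = unquote_plus(value)
    return {"method": m.group("method"),
            "uri": m.group("uri").split("?")[0],
            "status": int(m.group("status")),
            "params": params}


def is_suspicious(rec):
    if rec is None or rec["method"] != "POST":
        return False
    if not rec["uri"].lower().endswith("/signup.php"):
        return False
    username = rec["params"].get("username", "").lower()
    # A quote that produced a server error is the classic probe (o'brien with a
    # 302 is just a name and stays quiet).
    if "'" in username and rec["status"] >= 500:
        return True
    return any(p.search(username) for p in SQLI_PATTERNS)


def find_sqli_attempts(lines):
    """Return (decoded username, HTTP status) for every flagged sign-up request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if is_suspicious(rec):
            hits.append((rec["params"].get("username"), rec["status"]))
    return hits


if __name__ == "__main__":
    for username, status in find_sqli_attempts(SAMPLE_LOGS):
        print(f"{status}  {username!r}")
```

Run over the sample lines it flags the quote probe that triggered a 500, the decoded ' OR ' payload and the UNION SELECT attempt, while alice, selection_committee, o'brien and the GET request pass. Tune the status threshold if the application masks database errors behind a 200.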

🔗 References
