CVE-2024-6951
📋 TL;DR
This critical SQL injection vulnerability in Simple Online Book Store System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'bookisbn' parameter in admin_delete.php. Attackers can potentially read, modify, or delete database contents, including sensitive user data. All deployments of this specific software version are affected.
💻 Affected Systems
- SourceCodester Simple Online Book Store System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, authentication bypass, or remote code execution if database functions allow it.
Likely Case
Unauthorized data access and manipulation, potentially exposing customer information, order history, and administrative credentials.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Exploit details are publicly available on GitHub. The vulnerability requires access to the admin interface, but authentication requirements are unclear from available information.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Consider implementing input validation and parameterized queries as described in workarounds, or replace the software entirely.
🔧 Temporary Workarounds
Implement Input Validation
Add server-side validation to ensure the bookisbn parameter contains only expected characters (numbers, dashes).
Use Parameterized Queries
Rewrite the SQL query in admin_delete.php to use prepared statements with bound parameters instead of string concatenation.
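An added example combining both workarounds above (this is not SourceCodester's code or the advisory's): the bookisbn value is validated to digits and dashes, then bound into a prepared statement. The table name `books`, column name `isbn`, and the `$conn` mysqli connection are assumptions.

```php
<?php
// Added example, not the project's own admin_delete.php.
// Vulnerable pattern the advisory describes (string concatenation; do NOT use):
//   $sql = "DELETE FROM books WHERE isbn = '" . $_GET['bookisbn'] . "'";
//   mysqli_query($conn, $sql);

function validate_isbn(string $raw): ?string
{
    // Workaround 1: allow only digits and dashes, bounded to ISBN-10/13 lengths.
    $isbn = trim($raw);
    if (!preg_match('/^[0-9-]{10,17}$/', $isbn)) {
        return null;
    }
    return $isbn;
}

function delete_book(mysqli $conn, string $rawIsbn): bool
{
    $isbn = validate_isbn($rawIsbn);
    if ($isbn === null) {
        http_response_code(400);   // reject before touching the database
        return false;
    }
    // Workaround 2: prepared statement; the value is bound, never concatenated.
    $stmt = $conn->prepare('DELETE FROM books WHERE isbn = ?');
    if ($stmt === false) {
        error_log('prepare failed: ' . $conn->error); // detail stays server-side
        return false;
    }
    $stmt->bind_param('s', $isbn);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumes $conn is an open mysqli connection and the admin session
// has already been checked by the caller):
// if (!delete_book($conn, $_GET['bookisbn'] ?? '')) { echo 'Invalid request'; }
```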
🧯 If You Can't Patch
- Restrict access to admin_delete.php using web server rules (e.g., .htaccess for Apache) or network firewalls.
- Implement a Web Application Firewall (WAF) with SQL injection protection rules enabled.
🔍 How to Verify
Check if Vulnerable:
Test the admin_delete.php endpoint with SQL injection payloads in the bookisbn parameter (e.g., ' OR '1'='1). Monitor for unexpected database responses or errors.
Check Version:
Check the software version in the application's configuration files or admin panel. Look for version 1.0 indicators.
Verify Fix Applied:
After implementing fixes, retest with the same payloads to ensure they are properly rejected or sanitized without executing SQL commands.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in web server logs
- Multiple failed or suspicious requests to admin_delete.php with SQL-like parameters
Network Indicators:
- HTTP requests to admin_delete.php containing SQL keywords (UNION, SELECT, etc.) in parameters
SIEM Query:
source="web_server_logs" AND uri="*admin_delete.php*" AND param="*bookisbn*" AND (value="*OR*" OR value="*UNION*" OR value="*SELECT*")