CVE-2024-7321

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the 'user' parameter of the signup.php file in Online Blood Bank Management System 1.0. When victims view pages containing the injected scripts, the attacker can steal session cookies, redirect users, or perform actions on their behalf. This affects all deployments of version 1.0 of this specific blood bank management system.

💻 Affected Systems

Products:
  • itsourcecode Online Blood Bank Management System
Versions: 1.0
Operating Systems: Any OS running a PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 1.0. The signup.php file with vulnerable user parameter handling is included by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An administrator views a page that renders the injected username; the script steals the administrator's session cookie, the attacker gains full system access, compromises donor/patient data, and potentially pivots to other systems.

🟠 Likely Case

Attackers steal user session cookies to hijack accounts, deface pages, or redirect users to malicious sites.

🟢 If Mitigated

A strict Content Security Policy stops the injected inline script from executing at all, and HttpOnly session cookies keep any script that does run from reading them, so the impact is limited to defacement of the rendered page.

🌐 Internet-Facing: HIGH - The vulnerability is in a public-facing registration page that can be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - If system is internal-only, risk is reduced but still present for authenticated internal users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. Injecting the payload requires no authentication; executing it requires a victim to view a page that renders the injected 'user' value.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Implement workarounds or consider replacing the software.

🔧 Temporary Workarounds

Input Sanitization (all platforms)

Add output encoding so the 'user' value is rendered as text, not markup, in signup.php and in every page that later displays the stored username

Edit signup.php and add: $user = htmlspecialchars($_POST['user'], ENT_QUOTES, 'UTF-8');

Apply the same htmlspecialchars() call wherever the value is echoed into HTML; that is the point at which XSS is actually prevented. Encoding on input, as in the line above, closes this hole but stores entities such as &lt; in the database and double-encodes if the display code also escapes, so prefer encoding at output once that is in place.

Content Security Policy (all platforms)

Add a Content Security Policy header as defence in depth: with script-src 'self', inline <script> blocks and on* event handlers injected into the page are not executed. This limits the impact but does not fix the underlying encoding bug

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to PHP: header("Content-Security-Policy: default-src 'self'; script-src 'self'");

The .htaccess form requires Apache's mod_headers; the PHP header() call must run before any output is sent. The same policy also blocks the application's own inline scripts and event handlers, so trial it on a staging copy (Content-Security-Policy-Report-Only is useful here) before enforcing it.

🧯 If You Can't Patch

  • Disable user registration functionality by removing/renaming signup.php
  • Implement web application firewall (WAF) rules to block XSS payloads in the 'user' parameter; match on URL-decoded content, since pattern blocklists on raw bodies are trivially bypassed with percent-encoding and case changes, and treat this as a stopgap rather than a fix

🔍 How to Verify

Check if Vulnerable:

On a non-production copy, submit <script>alert('XSS')</script> in the user registration field, then load the pages that display the registered username and check whether the script executes

Check Version:

Check version in system documentation, about page, or readme files

Verify Fix Applied:

Test with same payload - script should appear as plain text, not execute
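The checks above, as an added example written for this page in Python (not code from the advisory or the itsourcecode project): classify() decides whether a response body rendered the probe payload raw (vulnerable), HTML-encoded as htmlspecialchars() produces (fixed), with the marker present but the tags stripped or changed (altered, inspect by hand), or not at all (absent, so look at another page that shows usernames). The probe() helper that posts to signup.php and then fetches a display page is an assumption about the form: it takes the field name 'user' from the advisory, lets you pass any other required form fields, and expects you to supply the URL of a page that shows the new username. The sample HTML bodies are constructed.

```python
"""Verify CVE-2024-7321: is a submitted 'user' value rendered as markup or as text?

Added example for this page (Python); not code from the advisory or the itsourcecode project.
The sample HTML bodies are constructed; the live probe assumes a POST form field named 'user'.
"""
import html
import re
import sys
import urllib.parse
import urllib.request
from typing import Dict, Optional

MARKER = "xss-7321-check"                         # unusual token so we never match pre-existing page content
PAYLOAD = f"<script>alert('{MARKER}')</script>"   # the advisory's test payload with the marker added

# Entity-encoded form, tolerant of how PHP (&#039;) or other encoders (&#x27;, &apos;) spell the quote
_QUOTE = r"(?:&#0?39;|&#x27;|&apos;|')"
ENCODED_RE = re.compile(r"&lt;script&gt;alert\(" + _QUOTE + re.escape(MARKER) + _QUOTE + r"\)&lt;/script&gt;")


def classify(body: str) -> str:
    """Classify one response body.

    'vulnerable' : the raw payload is in the HTML, so a browser would execute it
    'encoded'    : the payload was HTML-encoded (what htmlspecialchars produces); fixed
    'altered'    : the marker is present but the tags were stripped or mangled; inspect by hand
    'absent'     : the value is not reflected on this page; check another page that shows usernames
    """
    if PAYLOAD in body:
        return "vulnerable"
    if ENCODED_RE.search(body):
        return "encoded"
    if MARKER in body:
        return "altered"
    return "absent"


def probe(signup_url: str, display_url: str, field: str = "user",
          extra: Optional[Dict[str, str]] = None) -> str:
    """Register the payload, then classify the page that should show the new username.

    'extra' carries any other form fields signup.php requires (assumed; names unknown here).
    Only run against systems you are authorised to test, and never against production.
    """
    form = dict(extra or {})
    form[field] = PAYLOAD
    data = urllib.parse.urlencode(form).encode()
    urllib.request.urlopen(signup_url, data=data, timeout=10).read()
    page = urllib.request.urlopen(display_url, timeout=10).read().decode("utf-8", "replace")
    return classify(page)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], sys.argv[2]))
    else:
        # Offline demonstration on constructed bodies
        samples = {
            "raw":      f"<td>{PAYLOAD}</td>",
            "escaped":  f"<td>{html.escape(PAYLOAD, quote=True)}</td>",
            "php":      "<td>&lt;script&gt;alert(&#039;xss-7321-check&#039;)&lt;/script&gt;</td>",
            "stripped": f"<td>alert('{MARKER}')</td>",
            "other":    "<html><body>Welcome</body></html>",
        }
        for name, body in samples.items():
            print(f"{name:9s} -> {classify(body)}")
```

Run it with no arguments for the offline demonstration, or as `python check.py SIGNUP_URL DISPLAY_URL` against an authorised test instance. An 'altered' result usually means a tag-stripping filter rather than encoding; such filters are commonly bypassable, so treat it as unresolved until the output is shown to be entity-encoded.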

📡 Detection & Monitoring

Log Indicators:

  • Script tags or javascript: URIs in the 'user' field of registration POST requests (stock web-server access logs do not record POST bodies; this needs body logging at a WAF or reverse proxy, or in the application itself)
  • Multiple registration attempts from one client with script-like content, including percent-encoded forms such as %3Cscript%3E

Network Indicators:

  • HTTP requests to signup.php containing <script> tags or javascript: URIs

SIEM Query:

source="web_logs" AND uri="/signup.php" AND (body CONTAINS "<script" OR body CONTAINS "%3Cscript" OR body CONTAINS "javascript:")

The query is illustrative pseudo-syntax; translate it to your SIEM's language. The body field is only populated if the logging layer captures request bodies, and a single-level string match misses double-encoded payloads, so decode before matching where the platform allows it.
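The same detection as an added example in Python, written for this page and not taken from the advisory or the itsourcecode project. It parses constructed log lines in an assumed simplified `METHOD URI STATUS BODY` format (what a reverse proxy or WAF configured to log request bodies might emit, with `-` for no body), takes the 'user' parameter from either the form body or the query string, percent-decodes it repeatedly so double-encoded payloads are not missed, and flags script-like content. The log format, the sample lines and the regex are all assumptions made here.

```python
"""Detect CVE-2024-7321 style payloads in the 'user' parameter of signup.php.

Added example for this page (Python); not code from the advisory or the itsourcecode project.
Assumes a reverse proxy or WAF that logs request bodies in a simplified
'METHOD URI STATUS BODY' format ('-' when there is no body). The sample lines are constructed.
"""
import re
import urllib.parse
from typing import List, Optional, Tuple

SAMPLE_LOG = """\
POST /signup.php 302 user=alice&pass=Summer2024
POST /signup.php 200 user=%3Cscript%3Ealert(1)%3C%2Fscript%3E&pass=x
POST /signup.php 200 user=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E&pass=x
GET /signup.php?user=javascript:alert(1) 200 -
GET /index.php 200 -
"""

LINE_RE = re.compile(r"^(?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3}) (?P<body>.*)$")

# Script tags, javascript: URIs, inline event handlers, and common tag vectors used for XSS
XSS_RE = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=|<\s*(?:img|svg|iframe|body)\b", re.I)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so %253C -> %3C -> < is caught."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def extract_user(uri: str, body: str) -> Optional[str]:
    """Return the decoded 'user' value from the form body or the query string, else None."""
    query = urllib.parse.urlsplit(uri).query
    for source in (body, query):
        params = urllib.parse.parse_qs(source, keep_blank_values=True)  # decodes one level
        if "user" in params:
            return fully_decode(params["user"][0])
    return None


def scan(log_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, decoded user value) for signup.php requests whose user looks like XSS."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m or not m["uri"].startswith("/signup.php"):
            continue
        user = extract_user(m["uri"], m["body"])
        if user is not None and XSS_RE.search(user):
            hits.append((n, user))
    return hits


if __name__ == "__main__":
    for n, user in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious user value {user!r}")
```

Decoding before matching is what separates this from the plain string search in the SIEM query: the third sample line carries a double-encoded `<img ... onerror=...>` that no single-pass match on `<script` or `%3Cscript` would see. Point scan() at your own body-logging output once the line regex is adapted to its format.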
