CVE-2024-7369

7.3 HIGH

📋 TL;DR

This critical SQL injection vulnerability in Simple Realtime Quiz System 1.0 allows attackers to execute arbitrary SQL commands via the username parameter during login. Attackers can potentially steal, modify, or delete database contents, including user credentials and quiz data. All deployments of Simple Realtime Quiz System 1.0 with the vulnerable /ajax.php?action=login endpoint are affected.

💻 Affected Systems

Products:
  • SourceCodester Simple Realtime Quiz System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the default /ajax.php?action=login endpoint are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database permissions allow.

🟠 Likely Case

Unauthorized access to sensitive data including user credentials, quiz answers, and personal information stored in the database.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available. SQL injection via username parameter requires no authentication and is straightforward to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider implementing workarounds or migrating to alternative software.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side validation to reject SQL special characters in username parameter

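Modify /ajax.php to add: if (preg_match('/[\'"\-;\\\\]/', $_POST['username'] ?? '')) { die('Invalid input'); }

Note the four backslashes: inside a single-quoted PHP string, \\\\ becomes the regex escape \\ for a literal backslash. With fewer, the character class is left unterminated, preg_match() returns false, and the check silently passes every input. A character denylist is a stopgap only: it also rejects legitimate usernames containing an apostrophe or hyphen, and the durable fix is a parameterized query for the login lookup.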

Web Application Firewall Rule

all

Block SQL injection patterns in requests to /ajax.php?action=login

WAF-specific configuration to block SQL keywords in POST parameters

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input validation
  • Implement network segmentation so that only the application server can reach the database

🔍 How to Verify

Check if Vulnerable:

Test /ajax.php?action=login endpoint with SQL injection payload in username parameter (e.g., admin' OR '1'='1)

Check Version:

Check application files or documentation for version 1.0 indication

Verify Fix Applied:

Attempt SQL injection after implementing fixes and verify requests are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in application logs
  • Unusual database query patterns from web server IP

Network Indicators:

  • POST requests to /ajax.php?action=login containing SQL keywords like UNION, SELECT, OR

SIEM Query:

source="web_logs" AND uri="/ajax.php" AND (username="*'*" OR username="*OR*" OR username="*UNION*")
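
The SIEM query above, worked through as an added example (not code from this advisory or from the application): it URL-decodes the username field before matching, so %27 is seen as a quote, and matches keywords as whole words, so a name like "victor" does not trip the OR pattern. It assumes the logging pipeline records the form-encoded POST body next to the request line; the sample records, the function names and the alert/review levels are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample records (request line, form-encoded POST body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST /ajax.php?action=login HTTP/1.1", "username=victor&password=pw1"),
    ("POST /ajax.php?action=login HTTP/1.1", "username=admin%27+OR+%271%27%3D%271&password=x"),
    ("POST /ajax.php?action=login HTTP/1.1", "username=zz%27%20uNiOn%20SeLeCt%201&password=x"),
    ("POST /ajax.php?action=save_quiz HTTP/1.1", "username=a%27+OR+b&title=t"),
    ("POST /ajax.php?action=login HTTP/1.1", "username=o%27brien&password=pw2"),
]

# Whole-word, case-insensitive match: "victor" must not trip OR the way *OR* would.
KEYWORDS = re.compile(r"\b(?:union|select|or)\b", re.IGNORECASE)
QUOTES = re.compile(r"['\"]")

def classify(request_line, body):
    """Return 'alert', 'review' or None for one logged request."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "POST":
        return None
    url = urlsplit(parts[1])
    if url.path != "/ajax.php" or parse_qs(url.query).get("action") != ["login"]:
        return None
    verdict = None
    # parse_qs undoes %XX and '+' encoding, so %27 is inspected as a quote.
    for name in parse_qs(body, keep_blank_values=True).get("username", []):
        has_quote = bool(QUOTES.search(name))
        has_keyword = bool(KEYWORDS.search(name))
        if has_quote and has_keyword:
            return "alert"      # quote plus SQL keyword: both advisory indicators
        if has_quote or has_keyword:
            verdict = "review"  # e.g. a surname with an apostrophe; triage by hand
    return verdict

def scan(records):
    """Return (verdict, request_line, body) for every record that is flagged."""
    hits = []
    for line, body in records:
        verdict = classify(line, body)
        if verdict:
            hits.append((verdict, line, body))
    return hits

if __name__ == "__main__":
    for verdict, line, body in scan(SAMPLE_REQUESTS):
        print(f"{verdict:6} {line}  body={body}")
```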
