CVE-2024-7645

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in SourceCodester Clinics Patient Management System 1.0 allows attackers to trick authenticated users into performing unintended actions on the user management page. Attackers can remotely exploit this to modify user accounts or perform other administrative functions. Organizations using this specific version of the patient management system are affected.

💻 Affected Systems

Products:
  • SourceCodester Clinics Patient Management System
Versions: 1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the users.php component specifically. Requires the system to be deployed and accessible.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could create, modify, or delete user accounts, potentially gaining administrative access or disrupting clinic operations.

🟠

Likely Case

Attackers trick administrators into creating new privileged accounts or modifying existing user permissions.

🟢

If Mitigated

With proper CSRF protections, the attack fails and users are protected from unauthorized actions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires the victim to be authenticated and visit a malicious page while logged into the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider implementing CSRF tokens in users.php or upgrading if a newer version becomes available.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all

Add CSRF tokens to all forms and validate them on the server side in users.php.

Manual code modification required: add CSRF token generation and validation.

Use SameSite Cookies

Applies to: all

Configure session cookies with the SameSite=Strict attribute:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
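The two workarounds above, carried out in code as an added example (this is not SourceCodester's source and not a vendor patch): a guard that is included at the top of users.php before any account action is processed, plus the SameSite/Secure/HttpOnly session cookie settings. It assumes PHP 7.3 or later (for the array form of session_set_cookie_params), that users.php already uses PHP sessions and POSTs its forms to itself, and that the hidden field is named csrf_token; the form at the bottom is a hypothetical stand-in for the real ones.

```php
<?php
// Added example, not the project's own code: CSRF guard for users.php.
// Assumptions: PHP >= 7.3, PHP sessions in use, forms POST back to users.php,
// hidden field named "csrf_token" (our choice of name).

declare(strict_types=1);

// Session cookie hardening. SameSite=Strict keeps the browser from attaching
// the session cookie to cross-site POSTs; Secure and HttpOnly limit exposure.
// Must run before session_start().
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

/** Return the per-session CSRF token, generating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to embed in every form that changes state. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** Constant-time comparison of the submitted token against the session's token. */
function csrf_is_valid(?string $submitted, ?string $expected): bool
{
    if ($submitted === null || $expected === null || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Enforce on every state-changing request. Reject with 403 rather than
// silently continuing, so a forged request never reaches the account logic.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = $_POST['csrf_token'] ?? null;
    if (!is_string($submitted)) {          // e.g. csrf_token[]=x sent as an array
        $submitted = null;
    }
    if (!csrf_is_valid($submitted, $_SESSION['csrf_token'] ?? null)) {
        http_response_code(403);
        error_log('CSRF validation failed for users.php from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('Invalid or missing CSRF token.');
    }
}
?>
<!-- Hypothetical form (field names are not from the page); the only change
     to the application's real forms is the csrf_field() call. -->
<form method="post" action="users.php">
  <?php echo csrf_field(); ?>
  <input type="text" name="username">
  <button type="submit">Save</button>
</form>
```

The guard only covers POST, matching the advisory's indicators. If any account action in users.php is triggered by a GET link (for example a delete link carrying an id), convert it to a POST form with the token as well; a GET-based action is still reachable from a cross-site request that the SameSite=Strict cookie may not block when the user follows a top-level link.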

🧯 If You Can't Patch

  • Implement web application firewall rules to detect CSRF patterns
  • Restrict access to the management interface to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check if users.php lacks CSRF token validation by reviewing the source code or testing with CSRF PoC tools

Check Version:

Check system version in admin panel or configuration files

Verify Fix Applied:

Test that forms in users.php now include and validate CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple user account modifications from same IP in short time
  • User creation/modification without corresponding admin login

Network Indicators:

  • HTTP POST requests to users.php without a Referer header, or with a Referer whose host is not your own domain

SIEM Query:

source="web_logs" AND uri="/users.php" AND method="POST" AND NOT referer CONTAINS "your-domain.com"
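The network and log indicators above, applied to Apache/nginx combined-format access log lines as an added example (not part of the advisory and not a SIEM rule from any vendor). It flags POSTs to /users.php whose Referer is missing or from a foreign host, and separately flags an IP that changes users in a burst, which covers the "multiple modifications from the same IP" indicator. The log lines are constructed samples; "clinic.example" stands in for your-domain.com and the thresholds are my own choices. One caveat the query alone does not capture: browsers strip or trim the Referer under referrer policies and privacy extensions, so a missing Referer by itself is a weak signal and the burst rule is there to corroborate it.

```php
<?php
// Added example, not the advisory's own tooling: apply the CSRF indicators
// to combined-format access log lines. Sample data below is constructed.

declare(strict_types=1);

const TRUSTED_HOSTS   = ['clinic.example']; // stands in for your-domain.com
const BURST_THRESHOLD = 3;   // POSTs to users.php from one IP ...
const BURST_WINDOW    = 60;  // ... within this many seconds

/** Parse one combined-log line into fields, or return null if it does not match. */
function parse_combined(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $time = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    if ($time === false) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'time'    => $time,
        'method'  => $m[3],
        'path'    => parse_url($m[4], PHP_URL_PATH),
        'status'  => (int) $m[5],
        'referer' => $m[6] === '-' ? '' : $m[6],
    ];
}

/** True when the Referer is absent or names a host outside TRUSTED_HOSTS. */
function referer_is_foreign(string $referer): bool
{
    if ($referer === '') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return !is_string($host) || !in_array(strtolower($host), TRUSTED_HOSTS, true);
}

/** Return one alert string per suspicious finding in the given log lines. */
function find_csrf_indicators(array $lines): array
{
    $alerts    = [];
    $postsByIp = [];
    foreach ($lines as $line) {
        $e = parse_combined($line);
        if ($e === null || $e['method'] !== 'POST' || $e['path'] !== '/users.php') {
            continue;
        }
        if (referer_is_foreign($e['referer'])) {
            $alerts[] = sprintf('%s POST /users.php from %s with missing/foreign Referer "%s"',
                $e['time']->format('c'), $e['ip'], $e['referer']);
        }
        $postsByIp[$e['ip']][] = $e['time']->getTimestamp();
    }
    // Burst rule: BURST_THRESHOLD user changes from one IP inside BURST_WINDOW seconds.
    foreach ($postsByIp as $ip => $times) {
        sort($times);
        for ($i = 0; $i + BURST_THRESHOLD - 1 < count($times); $i++) {
            if ($times[$i + BURST_THRESHOLD - 1] - $times[$i] <= BURST_WINDOW) {
                $alerts[] = sprintf('%s made %d or more user changes within %d seconds',
                    $ip, BURST_THRESHOLD, BURST_WINDOW);
                break;
            }
        }
    }
    return $alerts;
}

// Constructed sample log lines: one legitimate admin edit, then a burst of
// POSTs from a second IP arriving via a lure page and with no Referer at all.
$sample = [
    '203.0.113.7 - - [14/Aug/2024:10:00:01 +0000] "GET /users.php HTTP/1.1" 200 512 "https://clinic.example/index.php" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Aug/2024:10:00:09 +0000] "POST /users.php HTTP/1.1" 302 0 "https://clinic.example/users.php" "Mozilla/5.0"',
    '198.51.100.23 - - [14/Aug/2024:10:01:30 +0000] "POST /users.php HTTP/1.1" 302 0 "https://lure.example/page.html" "Mozilla/5.0"',
    '198.51.100.23 - - [14/Aug/2024:10:01:31 +0000] "POST /users.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [14/Aug/2024:10:01:33 +0000] "POST /users.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
];

foreach (find_csrf_indicators($sample) as $alert) {
    echo $alert, PHP_EOL;
}
```

Run against the sample, the first POST (same-origin Referer, single event) produces nothing, while the second IP yields three Referer alerts and one burst alert. Tune TRUSTED_HOSTS to every hostname the application is served under, including any internal aliases, or legitimate admin traffic will be reported as foreign.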
