CVE-2024-7667 – This critical SQL injection vulnerability in So... (How to Fix)

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester Car Driving School Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the delete_users function. Attackers can potentially access, modify, or delete database content. All deployments of version 1.0 are affected.

💻 Affected Systems

Products:

SourceCodester Car Driving School Management System

Versions: 1.0

Operating Systems: Any

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 1.0 are vulnerable by default. No specific configuration required for exploitation.

📦 What is this software?

Car Driving School Management System by Oretnom23

View all CVEs affecting Car Driving School Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data destruction, privilege escalation to admin, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized data access and manipulation, user account compromise, and potential system takeover through admin credential extraction.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authentication but SQL injection is straightforward once authenticated. Public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check vendor website for updates
2. Apply any available patches
3. Verify fix by testing the vulnerable endpoint

🔧 Temporary Workarounds

Input Validation Filter

all

Add parameterized queries or input validation to User.php delete_users function

Modify User.php to use prepared statements: $stmt = $conn->prepare('DELETE FROM users WHERE id = ?'); $stmt->bind_param('i', $id);

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

Add WAF rule: Detect and block SQL keywords in 'id' parameter of delete_users requests

🧯 If You Can't Patch

Isolate the system behind a firewall with strict access controls
Implement database user with minimal permissions (read-only where possible)

🔍 How to Verify

Check if Vulnerable:

Test the delete_users endpoint with SQL injection payloads like: id=1' OR '1'='1

Check Version:

Check system version in admin panel or readme files

Verify Fix Applied:

Test with same payloads and verify no SQL errors or unexpected behavior occurs

📡 Detection & Monitoring

Log Indicators:

Unusual SQL errors in application logs
Multiple delete_users requests with suspicious parameters
Database queries with unexpected UNION or SELECT statements

Network Indicators:

HTTP requests to User.php with SQL keywords in parameters
Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="*User.php*" AND (param="*id=*'*" OR param="*id=* OR *" OR param="*id=* UNION *")

📊 Metadata

CVE ID: CVE-2024-7667

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89

Published: August 12, 2024

Last Updated: August 15, 2024

🔗 References

https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-5.md Exploit
https://vuldb.com/?ctiid.274125 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.274125 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?submit.388771 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7667, you might also want to check these: