Login Sign Up

CVE-2024-8340

7.3 HIGH
SQL Injection Authentication Bypass

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester Electric Billing Management System 1.0 allows attackers to manipulate database queries via the username parameter during login. Attackers can potentially access, modify, or delete sensitive billing data. Organizations using this specific version of the software are affected.

💻 Affected Systems

Products:
  • SourceCodester Electric Billing Management System
Versions: 1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the login functionality at /Actions.php?a=login via username parameter manipulation.

📦 What is this software?

Electric Billing Management System by Oretnom23

View all CVEs affecting Electric Billing Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution.

🟠

Likely Case

Unauthorized access to sensitive billing data, customer information theft, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation, WAF protection, and database permission restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available on GitHub, SQL injection via login endpoint requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

all

Implement proper input validation and use parameterized queries in the login functionality.

Web Application Firewall Rules

all

Deploy WAF rules to block SQL injection patterns targeting the /Actions.php endpoint.

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement strict network segmentation and monitor all database access attempts

🔍 How to Verify

Check if Vulnerable:

Test the login endpoint with SQL injection payloads in the username parameter: /Actions.php?a=login with malicious username values

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and proper input validation is implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL patterns

Network Indicators:

  • HTTP POST requests to /Actions.php with SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/Actions.php" AND (username CONTAINS "' OR" OR username CONTAINS "UNION" OR username CONTAINS "SELECT")

📊 Metadata

CVE ID: CVE-2024-8340
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89
Published: August 30, 2024
Last Updated: September 4, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8340, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)