CVE-2024-8561

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester PHP CRUD 1.0 allows attackers to execute arbitrary SQL commands via the 'person' parameter in the delete.php endpoint. Organizations using this software are affected, particularly those with internet-facing installations. The vulnerability enables unauthorized database manipulation and potential data exfiltration.

💻 Affected Systems

Products:
  • SourceCodester PHP CRUD
Versions: 1.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /endpoint/delete.php file specifically; requires PHP environment with database connectivity.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, modification, or deletion; potential privilege escalation to execute system commands; full application takeover.

🟠

Likely Case

Unauthorized data access and manipulation in the affected database tables; potential extraction of sensitive information like user credentials or personal data.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection; database remains protected with minimal exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic web testing tools; remote exploitation possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

1. Check vendor website for updates
2. If patch available, download and replace affected files
3. Test functionality after update

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries for the 'person' parameter

Replace raw SQL queries with prepared statements: $stmt = $pdo->prepare('DELETE FROM persons WHERE id = ?'); $stmt->execute([$person]);
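As an added illustration (not code from SourceCodester PHP CRUD, whose delete.php this page does not reproduce), a minimal PHP delete handler showing the injectable pattern beside the validated, parameterized form the workaround above describes. It assumes a `persons` table with an integer primary key `id` (the table name comes from the snippet above) and uses a constructed in-memory SQLite database via pdo_sqlite so it runs offline.

```php
<?php
// Added illustrative example, not code from SourceCodester PHP CRUD: the
// injectable pattern for delete.php next to the hardened replacement.
// Assumes a table `persons` with an integer primary key `id` (table name
// from the page's snippet); the in-memory SQLite database is constructed
// so the file runs offline with the pdo_sqlite extension.
declare(strict_types=1);

// VULNERABLE pattern: the raw 'person' value is spliced into the statement,
// so a quote in the input rewrites the WHERE clause.
function deletePersonVulnerable(PDO $pdo, string $person): int
{
    return $pdo->exec("DELETE FROM persons WHERE id = '" . $person . "'");
}

// HARDENED version: validate the shape, then bind the value as a parameter
// so the database engine never parses it as SQL.
function deletePersonSafe(PDO $pdo, string $person): int
{
    $id = filter_var($person, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException("'person' must be a positive integer id");
    }
    $stmt = $pdo->prepare('DELETE FROM persons WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount(); // rows actually removed
}

// Constructed sample data: three rows in an in-memory database.
function seed(PDO $pdo): void
{
    $pdo->exec('DROP TABLE IF EXISTS persons');
    $pdo->exec('CREATE TABLE persons (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO persons VALUES (1,'alice'),(2,'bob'),(3,'carol')");
}
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$payload = "1' OR '1'='1"; // the test input quoted in the page's "How to Verify" section

seed($pdo);
printf("vulnerable: payload removed %d of 3 rows\n", deletePersonVulnerable($pdo, $payload));

seed($pdo);
try {
    deletePersonSafe($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo "hardened: rejected ({$e->getMessage()})\n";
}
printf("hardened: id 2 removed %d row(s)\n", deletePersonSafe($pdo, '2'));
```

The integer check rejects the payload before any query runs, and the bound parameter means even an input that passes validation can never alter the statement's structure.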

Web Application Firewall Rules

all

Deploy WAF rules to block SQL injection patterns targeting delete.php

ModSecurity rule: SecRule ARGS:person "@detectSQLi" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Disable or restrict access to /endpoint/delete.php via web server configuration or firewall rules
  • Implement network segmentation to isolate the vulnerable system from sensitive data and critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Test the /endpoint/delete.php endpoint with SQL injection payloads like: person=1' OR '1'='1

Check Version:

Check application files for version information or review source code comments

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return appropriate error responses

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple DELETE requests with suspicious parameter values
  • Failed authentication attempts followed by delete.php access

Network Indicators:

  • HTTP requests to delete.php with SQL keywords in parameters
  • Unusual database query patterns from web server IP

SIEM Query:

source="web_logs" AND uri_path="/endpoint/delete.php" AND (param="person" AND value MATCHES "(?i)(union|select|insert|delete|update|drop|--|#|/\*)")
