Hey, folks! A critical vulnerability has been discovered in code-projects Library System 1.0, tracked as CVE-2024-1830 (VDB-254618). It is a SQL injection reachable by manipulating the 'email' argument of the lost-password functionality. The exploit has already been disclosed publicly, and because the vulnerable page is reachable without authentication, the attack can be launched remotely. Keep reading for details on the issue, the affected component, and how the attack is carried out.

Vulnerability Type: SQL Injection (CWE-89)

- Affected Component: /Source/librarian/user/student/lost-password.php file

Original References

- CVE Details Page: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1830
- VulDB Entry (VDB-254618): https://vuldb.com/?id.254618

Code Snippet

The issue lies in lost-password.php, specifically in how the 'email' POST parameter is handled: it is interpolated straight into a SQL string with no validation, escaping, or parameter binding. The following snippet shows the problematic part of the file:

$email = $_POST['email'];                                   // untrusted value straight from the request body
$sql = "SELECT email FROM students WHERE email='$email'";   // interpolated into the SQL text, quotes and all
$result = mysql_query($sql);                                // executed exactly as built

The problem is that the user-supplied email is used directly in the SQL query. Anything the attacker puts in the field, including a single quote, becomes part of the query text, so the attacker controls the WHERE clause. Input validation alone is not a reliable fix here; the query has to be built with a prepared statement so the value is bound as data rather than parsed as SQL. (Note also that the mysql_* extension used by the snippet was removed in PHP 7, so the code can only run on an end-of-life PHP release.)

Exploit Details

Because the 'email' argument is not sanitized or parameterized, an attacker can inject arbitrary SQL through the lost-password form. This lets them alter the lookup so it matches rows it should not, and, using standard UNION-based or blind techniques, read other data from the Library System database. An example payload for this vulnerability is shown below:

email: ' OR 1=1 -- 

(The trailing space after "--" is part of the payload: MySQL only treats "-- " followed by whitespace as a comment, which is what discards the closing quote.)

When this payload is submitted in the 'email' field, the query becomes SELECT email FROM students WHERE email='' OR 1=1 -- ', whose WHERE clause is always true, so the lookup returns every record in the 'students' table instead of the single row for a known address. In a lost-password flow, a lookup that should require the attacker to know a valid student email no longer does; how far that can be pushed (triggering resets for arbitrary accounts, extracting data through the response) depends on what the script does with the result, but the injection point itself is unauthenticated and remotely reachable.
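To make the mechanism and the fix concrete, here is an added example (not code from the Library System project or from the advisory). It reproduces the vulnerable lookup from lost-password.php as a function, puts the page's payload through it, and runs the same lookup as a parameterized query. It uses PDO with an in-memory SQLite table and a few constructed student rows so it runs offline; the real project talks to MySQL, where the same fix is a prepared statement via PDO's MySQL driver or mysqli's prepare()/bind_param(). Function and table names are assumptions for the demo.

```php
<?php
// Added example: vulnerable string-built query versus a bound parameter,
// run against a constructed in-memory SQLite database (not the project's MySQL DB).

function buildDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE students (id INTEGER PRIMARY KEY, email TEXT NOT NULL)");
    // Constructed sample rows for the demo; not data from any real deployment.
    $ins = $db->prepare("INSERT INTO students (email) VALUES (:email)");
    foreach (['alice@example.edu', 'bob@example.edu', 'carol@example.edu'] as $e) {
        $ins->execute([':email' => $e]);
    }
    return $db;
}

// Mirrors the flaw in lost-password.php: the submitted value is spliced into
// the SQL text, so a quote in the input changes the structure of the query.
function lookupVulnerable(PDO $db, string $email): array {
    $sql = "SELECT email FROM students WHERE email='$email'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix: bind the value as a parameter so the database never parses it as SQL.
// The shape check with filter_var is defense in depth, not the fix itself.
function lookupSafe(PDO $db, string $email): array {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [];  // reject malformed input before touching the database
    }
    $stmt = $db->prepare("SELECT email FROM students WHERE email = :email");
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDb();
$payload = "' OR 1=1 -- ";   // the advisory's payload; keep the trailing space

// With the payload, the vulnerable WHERE clause is always true, so the lookup
// matches every student; the parameterized lookup treats the payload as a
// literal address and matches nothing.
printf("vulnerable, known address: %d row(s)\n", count(lookupVulnerable($db, 'bob@example.edu')));
printf("vulnerable, payload:       %d row(s)\n", count(lookupVulnerable($db, $payload)));
printf("safe, known address:       %d row(s)\n", count(lookupSafe($db, 'bob@example.edu')));
printf("safe, payload:             %d row(s)\n", count(lookupSafe($db, $payload)));
```

Run it with php from the command line (pdo_sqlite ships with most PHP builds). The point to take from it is that the safe version does not try to strip or escape quotes; it changes how the query is built, which is the only fix that holds up regardless of what the attacker types.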

Conclusion

The critical vulnerability CVE-2024-1830 in code-projects Library System 1.0 is a textbook SQL injection: a remote attacker can manipulate the 'email' argument of the lost-password functionality to rewrite the lookup query and reach data stored in the system. If you run this software, fix it now by replacing the string-built query in lost-password.php (and any other page that builds SQL the same way) with prepared statements, validate input as a second layer, and watch the project for an official patch.

Stay safe and always keep an eye out for potential vulnerabilities in your deployed systems!

Timeline

Published on: 02/23/2024 19:15:08 UTC
Last modified on: 03/21/2024 02:51:46 UTC