Exploit
CVE-2024-9296

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Sep 28, 2024 / Updated: 52d ago

CVSS 6.9 | EPSS 0.05% | Medium

Summary

A critical vulnerability has been identified in the SourceCodester Advocate Office Management System version 1.0. The vulnerability is located in an unknown function within the file /control/forgot_pass.php. This flaw allows for SQL injection through the manipulation of the 'username' parameter. The vulnerability can be exploited remotely without any user interaction or special privileges required.

Impact

This SQL injection vulnerability can have severe consequences. Given its critical nature and high CVSS score of 9.8, it poses significant risks to the confidentiality, integrity, and availability of the affected system. Attackers could potentially:

1. Extract sensitive information from the database, including user credentials and other confidential data.
2. Modify or delete database contents, compromising the integrity of the system.
3. Escalate privileges within the application or the underlying system.
4. Execute arbitrary commands on the database server, potentially leading to full system compromise.
5. Cause denial of service by corrupting or deleting critical data.

Exploitation

One proof-of-concept exploit is available on github.com. There is currently no evidence of exploitation.

Patch

As of the latest information provided, there is no mention of an official patch being available for this vulnerability. The security team should closely monitor for any updates or patches released by SourceCodester for the Advocate Office Management System.

Mitigation

Given the critical nature of this vulnerability and the lack of an official patch, the following mitigation steps are recommended:

1. Immediately isolate or disable access to the affected system, especially the vulnerable /control/forgot_pass.php file, if possible.
2. Implement strong input validation and sanitization for all user inputs, particularly the 'username' parameter in the forgot password functionality.
3. Use prepared statements or parameterized queries for all database interactions to prevent SQL injection.
4. Apply the principle of least privilege to the database user account used by the application.
5. Implement a Web Application Firewall (WAF) to help detect and block SQL injection attempts.
6. Regularly monitor system logs for any suspicious activities or potential exploitation attempts.
7. Consider upgrading to a more secure alternative system if patches are not forthcoming from the vendor.
8. Conduct a thorough security audit of the entire Advocate Office Management System to identify and address any other potential vulnerabilities.
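An added example (not code from the affected application or from this page) of mitigation items 2 and 3 applied to a forgot-password username lookup: allow-list validation followed by a bound parameter. The `users` table, its columns and the `findUserId` helper are hypothetical, since the application's real schema is not shown here.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: look up a user id for a forgot-password request.
// Table "users" and columns "id", "username" are assumptions for this example.
function findUserId(PDO $db, mixed $rawUsername): ?int
{
    // Item 2: allow-list validation. Rejects non-strings (e.g. username[]=x)
    // and any value containing quotes, whitespace or SQL metacharacters.
    if (!is_string($rawUsername)
        || preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $rawUsername) !== 1) {
        return null;
    }

    // Item 3: the value is bound as data and never becomes part of the SQL
    // text, so it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT id FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $rawUsername]);
    $id = $stmt->fetchColumn();

    return $id === false ? null : (int) $id;
}

// Self-contained demo on an in-memory SQLite database (constructed data).
// A MySQL deployment would use its own DSN and a least-privilege account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

// Constructed inputs: a valid name, a quote-bearing string, an array, a miss.
$samples = ['alice', "alice' OR '1'='1", ['array'], 'nobody'];
foreach ($samples as $s) {
    $id = findUserId($db, $s);
    // The caller should answer identically for "no match" and "rejected"
    // so the endpoint does not reveal which usernames exist.
    printf("%-22s => %s\n", json_encode($s), $id === null ? 'no match' : "id $id");
}
```

Only the first sample resolves to a row; the quote-bearing string and the array are rejected by validation, and the bound parameter would treat them as literal data even if validation were loosened.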

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment
NVD published the first details for CVE-2024-9296
Sep 28, 2024 at 9:15 AM

First Article
Feedly found the first article mentioning CVE-2024-9296.
Sep 28, 2024 at 9:16 AM / CVE

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Sep 28, 2024 at 9:16 AM

CVSS
A CVSS base score of 7.3 has been assigned.
Sep 28, 2024 at 9:20 AM / nvd

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.3%)
Sep 29, 2024 at 12:11 PM

CVSS
A CVSS base score of 9.8 has been assigned.
Oct 1, 2024 at 11:40 AM / nvd

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Oct 1, 2024 at 2:10 PM

Affected Systems

Mayurik/advocate_office_management_system

Exploits

https://github.com/para-paradise/webray.com.cn/blob/main/Advocate%20office%20management%20system/Advocate%20office%20management%20system%20forgot_pass.php%20time-based%20SQL%20Injection%20Vulnerability.md

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

CVE-2024-9296 Exploit
CVE Id : CVE-2024-9296 Published Date: 2024-10-01T11:36:00+00:00 A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. inTheWild added a link to an exploit: https://github.com/para-paradise/webray.com.cn/blob/main/Advocate%20office%20management%20system/Advocate%20office%20management%20system%20forgot_pass.php%20time-based%20SQL%20Injection%20Vulnerability.md
Update Sun Sep 29 06:28:03 UTC 2024
CVE-2024-9296
High Severity Description A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Read more at https://www.tenable.com/cve/CVE-2024-9296
CVE-2024-9296
Severity 3.1 (CVSS 3.1 Base Score) Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
NA - CVE-2024-9296 - A vulnerability was found in SourceCodester...
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
