A critical vulnerability, identified as CVE-2024-1827, has recently been discovered in Code-Projects Library System 1., a widely used open-source library management application. The flaw is in the application's source code, in the file "Source/librarian/user/teacher/login.php". It is a SQL injection that can be triggered remotely by manipulating the user-supplied username and password.

As of now, CVE-2024-1827 is tracked in the vulnerability database under the identifier VDB-254615.

The vulnerable section of the source code in the login.php file is as follows:

<?php
if(isset($_POST['login'])){
  $username = $_POST['username'];
  $password = $_POST['password'];
  $sql = "SELECT * FROM teacher WHERE username='$username' AND password='$password'";
  $result = mysqli_query($conn, $sql);
  $row = mysqli_fetch_array($result);
  if($row){
    // Proceed with successful login
  } else {
    // Display error message for invalid login
  }
}

As the snippet shows, the user-supplied username and password read from the '$_POST' array are interpolated directly into the 'SELECT' SQL query without escaping or parameter binding. This practice exposes the application to a SQL injection attack.

Exploit Details

To exploit this vulnerability, the attacker would need to provide a specially crafted string as input in the username and/or password fields to inject malicious SQL queries.

The resultant SQL query would become:

SELECT * FROM teacher WHERE username='admin' OR '1'='1' AND password=''

Since '1'='1' is always true, the query would return all records available in the 'teacher' table, letting the attacker bypass the authentication check and access the system.

Users of the Code-Projects Library System 1. application are strongly advised to apply any security patches or workarounds provided by the vendor to mitigate the risk associated with this SQL injection vulnerability.

As this exploit has already been disclosed to the public, attackers may already be trying to leverage the vulnerability for malicious purposes. Therefore, it's essential to stay vigilant, follow best security practices, and update the affected systems as soon as possible.
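
One way to close the injection in login.php while no vendor patch is applied, given here as an added example that is not the vendor's fix or code from the project. It assumes `$conn` is the mysqli connection used in the snippet above and that the `password` column has been migrated to `password_hash()` output; the helper name `authenticate_teacher` and the session key are hypothetical.

```php
<?php
// Added example: hardened replacement for the login query shown above.
// Assumptions: $conn is an open mysqli connection (as in the original snippet),
// and teacher.password holds password_hash() output instead of plaintext.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors

// Hypothetical helper: returns the teacher row on success, null otherwise.
function authenticate_teacher(mysqli $conn, string $username, string $password): ?array
{
    // The username travels as a bound parameter, so quotes in it stay data.
    $stmt = $conn->prepare('SELECT username, password FROM teacher WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();

    // Verify against a dummy hash when the user is unknown so both paths
    // do comparable work and response time does not reveal valid usernames.
    static $dummy = null;
    $dummy ??= password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);
    $hash = $row['password'] ?? $dummy;

    $ok = password_verify($password, $hash);
    return ($ok && is_array($row)) ? $row : null;
}

if (isset($_POST['login'])) {
    // Reject non-string input such as username[]=x before it reaches the query.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $teacher = authenticate_teacher($conn, $username, $password);
    if ($teacher !== null) {
        session_start();
        session_regenerate_id(true); // new session id after the privilege change
        $_SESSION['teacher'] = $teacher['username'];
        // Proceed with successful login
    } else {
        // Display the same generic error for unknown user and wrong password
    }
}
```

With the query text fixed at prepare time, input such as a quote followed by `OR '1'='1'` is compared literally against the `username` column and matches no row.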

Timeline

Published on: 02/23/2024 18:15:50 UTC
Last modified on: 03/21/2024 02:51:46 UTC