A critical vulnerability has been discovered in SourceCodester Employee Management System 1. (EMS). The vulnerability, identified as CVE-2024-1878, affects the myprofile.php file, with exploitation resulting in SQL injection. Attackers can exploit this vulnerability remotely. It is essential to understand the impact of this vulnerability and take action to prevent potential attacks in the future. This post will discuss the details of the vulnerability, provide code snippets, and outline potential mitigation steps.
Vulnerability Details
The CVE-2024-1878 vulnerability is a result of insufficient input validation of the id argument in the myprofile.php file, leading to SQL injection. The manipulation of the argument id with the input 1%20or%201=1 allows an attacker to exploit this vulnerability remotely. The attacker can then access, modify, or delete sensitive data within the vulnerable application. VDB-254726 is the identifier assigned to this vulnerability.
The following code snippet demonstrates the vulnerable section within the myprofile.php file
// Retrieving user profile information based on the 'id' parameter
$id = $_GET['id'];
$sql = "SELECT * FROM employees WHERE id = $id";
$result = mysqli_query($con, $sql);
As seen above, the user-supplied input $id is directly used in the SQL query without proper input validation. An attacker can simply manipulate the id parameter and inject an SQL payload, like 1 or 1=1, causing the query to return all employee records from the database.
The vulnerability can be exploited using a simple HTTP request similar to this example
GET /myprofile.php?id=1%20or%201=1 HTTP/1.1
Host: vulnerable.example.com
...
In this request, the attacker sends %20or%201=1 as the value for the id parameter, which results in executing a malicious SQL query that returns all employee records in the database.
Original References
- CVE-2024-1878 Details on NVD Website
- SourceCodester EMS Version 1. Project Homepage
Update the SourceCodester EMS to the latest version, which includes fixes for this vulnerability.
2. Apply proper input validation and sanitize user inputs before incorporating them into SQL queries. An example of using prepared statements in PHP to defend against SQL injection:
$id = $_GET['id'];
$sql = "SELECT * FROM employees WHERE id = ?";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
Conclusion
The critical vulnerability CVE-2024-1878 in SourceCodester Employee Management System 1. demonstrates the importance of properly validating user inputs and the potential damage that SQL injection attacks can cause. By following the mitigation steps outlined in this post, you can protect your EMS installation from this vulnerability.
Timeline
Published on: 02/26/2024 16:27:54 UTC
Last modified on: 02/29/2024 09:15:06 UTC