CVE-2024-1924: Critical SQL Injection Vulnerability Found in CodeAstro Membership Management System 1.

A critical vulnerability has been identified in CodeAstro Membership Management System version 1. under the CVE identifier CVE-2024-1924. The vulnerability affects the file "/get_membership_amount.php" and is a SQL injection flaw. Successful exploitation could allow an attacker to compromise the system, leading to unauthorized access and critical data compromise. In this post, we’ll discuss the details of this vulnerability, how it works, and what steps you can take to protect your system from this exploit.

Vulnerability Details

As mentioned above, the SQL injection vulnerability exists in the "/get_membership_amount.php" file of the CodeAstro Membership Management System 1.. The flaw stems from the system incorrectly handling user input supplied to the "membershipTypeId" parameter. This allows an attacker to craft malicious SQL queries easily, which could lead to unauthorized system access, data modification, or extraction of sensitive data.

The vulnerability has been assigned the identifier VDB-254859 and has been classified as critical. The attack can be launched remotely, and the vulnerability has been disclosed publicly.

Here's a sample code snippet demonstrating the vulnerability:

// vulnerable code in /get_membership_amount.php

$membershipTypeId = $_GET['membershipTypeId'];

// SQL query
$query = "SELECT amount FROM tbl_membership_types WHERE id = '$membershipTypeId'";

$result = mysqli_query($connection, $query);

In the above code, the unsanitized user input from the "membershipTypeId" parameter is placed directly into the SQL query string. Because the value becomes part of the SQL text itself, an attacker can inject malicious SQL code via the "membershipTypeId" parameter.

Exploit

To exploit this vulnerability, an attacker can craft a malicious URL, which includes the malicious SQL code as part of the "membershipTypeId" parameter. For example:

https://example.com/get_membership_amount.php?membershipTypeId=1 OR 1=1;--

In this example, the attacker has included a standard SQL injection payload, allowing them to gain unauthorized access to the system.

Mitigation

The most effective way of mitigating this vulnerability is by implementing proper input validation and sanitization techniques in your system. This should include using prepared statements (parameterized queries) or employing an ORM (Object-Relational Mapping) framework to handle database operations.
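
The prepared-statement fix applied to the vulnerable snippet above, as an added example (not the vendor's patch and not code from the original advisory). It assumes $connection is an open mysqli handle as in that snippet and that membership type ids are positive integers; the function name and the response format are hypothetical.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: returns the amount for a membership type,
 * or null when the id is malformed or no such row exists.
 */
function get_membership_amount(mysqli $connection, $rawId): ?string
{
    // 1. Validate: accept only a positive integer (assumed id format).
    //    Anything else, including a missing parameter, is rejected here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Parameterize: the SQL text is fixed and the value is bound
    //    separately, so input can never change the query structure.
    $stmt = $connection->prepare(
        'SELECT amount FROM tbl_membership_types WHERE id = ?'
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($amount);
    $found = $stmt->fetch(); // true when a row was fetched, null when none
    $stmt->close();

    return $found ? (string) $amount : null;
}

// Request handling. $connection comes from the application's own setup,
// as in the original snippet; the 400 response is an assumption.
$amount = get_membership_amount($connection, $_GET['membershipTypeId'] ?? null);
if ($amount === null) {
    http_response_code(400);
    exit('Invalid membership type');
}

// Encode on output so the value is safe in an HTML context as well.
echo htmlspecialchars($amount, ENT_QUOTES, 'UTF-8');
```

Validation and binding are independent layers: the bound parameter alone prevents the injection, while the integer check rejects malformed requests before they reach the database.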

Vendor's Advisory

The vendor has already been notified about this vulnerability, and users of the affected system are strongly advised to patch or upgrade to the latest version as soon as possible. However, at the time of writing, no patch or security update has been released to address this issue.

Original References

For more details on this vulnerability, you can refer to the original advisory published by the discoverer of the vulnerability. The advisory, including all the information on the issue, can be found at the following link:

- VDB-254859

Conclusion

In conclusion, the CVE-2024-1924 vulnerability in the CodeAstro Membership Management System 1. is a critical security issue that must be addressed immediately. Users of the affected system should ensure they have implemented proper input validation and sanitization techniques on their systems, and keep an eye out for patches and updates from the vendor addressing this vulnerability.

Timeline

Published on: 02/27/2024 17:15:11 UTC
Last modified on: 03/21/2024 02:51:49 UTC