VYPR
Unrated severity · NVD Advisory · Published Feb 9, 2024 · Updated Jun 12, 2025

CVE-2024-25308


Description

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Simple School Management System 1.0 has a SQL injection vulnerability in the 'name' parameter of teacher_login.php, allowing attackers to compromise the database.

Vulnerability

Simple School Management System version 1.0, a PHP-based web application, contains a SQL injection vulnerability in the name parameter of the teacher_login.php page [1]. The application fails to sanitize user input, allowing an attacker to inject arbitrary SQL commands. The vulnerable code path is reachable by any user who can access the login page without prior authentication [1].

Exploitation

To exploit the vulnerability, an attacker navigates to the teacher login page at /School/teacher_login.php and submits a crafted HTTP POST request with malicious input in the name parameter [1]. The attacker can capture the request using a proxy tool like Burp Suite and then use automated tools such as sqlmap to extract database contents [1]. The attack requires no authentication and can be performed remotely over the network [1].

Impact

Successful exploitation allows an attacker to compromise the underlying database, potentially leading to unauthorized access, data modification, or disclosure of sensitive information such as user credentials and school records [1]. The impact could extend to full database compromise depending on database server permissions [1].

Mitigation

As of the publication date (2024-02-09), no official patch or fixed version has been released by the vendor [1]. Users should consider input validation and parameterized queries as a workaround, or discontinue use of the application if no update is provided [1].
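The two measures named above, input validation and a parameterized query, can be combined in a login handler as in the following added example. It is not the application's or the vendor's code: the `teacher` table, its columns, the function names, the sample account and the use of PDO with an in-memory SQLite database are all assumptions made so the sketch is self-contained.

```php
<?php
// Added example: schema, account and inputs below are hypothetical/constructed.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:'); // in-memory stand-in for the real database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE teacher (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $pdo->prepare('INSERT INTO teacher (name, pw_hash) VALUES (?, ?)')
        ->execute(['alice', password_hash('constructed-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Parameterized lookup. The SQL text is fixed; $name is sent as a bound value,
// so quotes or keywords inside it are compared as data and never parsed as SQL.
// (Concatenating the request value into the query string is the pattern to avoid.)
function find_teacher(PDO $pdo, string $name): ?array {
    $stmt = $pdo->prepare('SELECT name, pw_hash FROM teacher WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login check: validation first (defence in depth), then the bound query.
function teacher_login(PDO $pdo, $name, $password): bool {
    // Reject non-string values, e.g. a parameter submitted as an array.
    if (!is_string($name) || !is_string($password)) {
        return false;
    }
    // Allowlist of characters and a length limit for the 'name' field.
    if (preg_match('/\A[A-Za-z0-9 ._-]{1,64}\z/', $name) !== 1) {
        return false;
    }
    $row = find_teacher($pdo, $name);
    // Compare against a stored hash in PHP, not inside the SQL statement.
    return $row !== null && password_verify($password, $row['pw_hash']);
}

$pdo = demo_db();
$quoted = "o'brien"; // constructed input containing a quote character

var_dump(find_teacher($pdo, $quoted));                     // bound as data: no SQL error
var_dump(teacher_login($pdo, $quoted, 'anything'));        // stopped by the allowlist
var_dump(teacher_login($pdo, 'alice', 'constructed-pw'));  // valid constructed account
var_dump(teacher_login($pdo, 'alice', 'wrong-password'));  // wrong password
```

With a MySQL backend, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared by the server rather than assembled client-side.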

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.


References

1
