CVE-2024-25309
Description
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Simple School Managment System 1.0 has an SQL injection vulnerability in the 'pass' parameter at teacher_login.php, allowing an attacker to extract or modify database data.
Vulnerability
The Simple School Managment System version 1.0 from Code-projects contains a SQL injection vulnerability in the pass parameter at the teacher login page School/teacher_login.php. The application fails to sanitize user-supplied input before using it in SQL queries, enabling an attacker to inject arbitrary SQL commands [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the login endpoint, manipulating the pass parameter with SQL injection payloads. The attacker requires network access to the web application and no authentication, as the vulnerable endpoint is a login form. The exploit proof of concept uses sqlmap against a captured request to automate the injection and extract data from the database [1].
Impact
Successful exploitation allows an attacker to bypass authentication, retrieve sensitive information from the database (such as user credentials), modify database content, or potentially gain further access to the underlying system depending on database permissions. The compromised data could include personal information of students, teachers, and administrators [1].
Mitigation
As of the publication date (2024-02-09), no patched version or vendor-supplied fix is available. The vendor homepage and software link are provided, but no update has been released. The recommended mitigation is to apply input validation and parameterized queries to the login functionality, particularly the pass parameter [1]. Users should monitor the vendor's site for future updates.
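The parameterized-query and input-validation mitigation described above, as an added example (not the project's code, which this page does not show). Only the `pass` parameter name comes from the advisory; the table, the column names, the `username` field and the use of password hashing are assumptions, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added illustration, not the project's code. Table/column names and the
// `username` field are hypothetical; SQLite in memory stands in for the real DB.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE teacher (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO teacher (username, pass_hash) VALUES (?, ?)');
    // Constructed sample account; the password is stored only as a hash.
    $ins->execute(['t1', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

function teacher_login(PDO $pdo, $username, $pass): ?int
{
    // Input validation: PHP turns pass[]=x into an array, so check types and size.
    if (!is_string($username) || !is_string($pass) || strlen($username) > 64 || strlen($pass) > 1024) {
        return null;
    }
    // The query text is fixed; `username` travels as a bound parameter, so quotes
    // or comment markers in it are compared as data, never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, pass_hash FROM teacher WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // `pass` never enters a SQL string at all: it is only checked against the hash.
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$pdo = make_demo_db();
// Constructed inputs: one valid login, then values carrying SQL metacharacters.
$cases = [
    ['t1', 'constructed-demo-password'],
    ['t1', "' OR '1'='1"],
    ["t1' -- ", 'anything'],
    ['t1', ['x']],
];
foreach ($cases as [$username, $pass]) {
    $id = teacher_login($pdo, $username, $pass);
    echo json_encode([$username, $pass]), ' => ', $id === null ? 'rejected' : "teacher id $id", PHP_EOL;
}
```

With a MySQL backend, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server, rather than the PDO driver, perform the parameter binding.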
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Code-projects/Simple School Managment System
- Range: <=1.0
Patches
No patches discovered yet.
References