CVE-2024-30982: SQL Injection Vulnerability in Cyber Cafe Management System Using PHP & MySQL v1.0 by Phpgurukul

Shanu Nirwan
Apr 3, 2024


Introduction: Cybersecurity is paramount in today’s digital age, and the discovery of vulnerabilities is crucial in ensuring the safety and integrity of systems. Today, I bring to light a significant vulnerability found in the Cyber Cafe Management System Using PHP & MySQL v1.0 developed by Phpgurukul. This vulnerability, identified as CVE-2024-30982, exposes the system to SQL Injection attacks, potentially leading to unauthorized access and code execution.

Overview: The vulnerability resides in the “/view-user-detail.php” component of the Cyber Cafe Management System (CCMS), where inadequate input validation allows attackers to execute malicious SQL queries against the underlying MySQL database. By exploiting this vulnerability, attackers can manipulate the system’s behavior, potentially accessing sensitive data or executing arbitrary code.

CVE Identifier: CVE-2024-30982 has been assigned to this vulnerability, providing a standardized reference for tracking and addressing the issue. This identifier facilitates collaboration among cybersecurity professionals and enables affected parties to take appropriate measures to mitigate the risk.

Description: The vulnerability arises due to insufficient input validation in the “upid” parameter within the “/view-user-detail.php” file of the Cyber Cafe Management System. By injecting a crafted SQL payload into the “upid” parameter, attackers can execute arbitrary SQL queries against the database. For example, injecting

"' AND (SELECT 7579 FROM (SELECT(SLEEP(5)))EaBg) AND 'pjRs'='pjRs"

into the “upid” parameter causes a delay of approximately 5 seconds, indicating a successful SQL Injection attack.

Affected Component: The SQL Injection vulnerability affects the “upid” parameter within the “/view-user-detail.php” file of the Cyber Cafe Management System.
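
Detection example (added here, not code from the original write-up or from Phpgurukul): a log check that flags requests to “/view-user-detail.php” whose “upid” value is not a plain integer, and tags time-delay probes like the one quoted above. It assumes that “upid” is a numeric record ID sent in the query string and that the web server writes combined-format access logs; the “/ccms/” path prefix, the IP addresses and the log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

TARGET = "/view-user-detail.php"          # component named in the advisory
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]{1,10}")   # assumption: upid is a numeric row id
TIMING = re.compile(r"(?i)\b(?:sleep|benchmark)\s*\(")

def check_line(line):
    """Return (client, upid, kind) for a request to TARGET whose upid is not
    a plain integer, otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET):
        return None
    # parse_qs URL-decodes each value, so encoded quotes and spaces are seen.
    for value in parse_qs(url.query, keep_blank_values=True).get("upid", []):
        if not NUMERIC_ID.fullmatch(value):
            kind = "time-based" if TIMING.search(value) else "non-numeric"
            return line.split()[0], value, kind
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log; the second entry carries the payload quoted in the
# write-up, URL-encoded as it would appear in an access log.
PAGE_PAYLOAD = "' AND (SELECT 7579 FROM (SELECT(SLEEP(5)))EaBg) AND 'pjRs'='pjRs"
FMT = '{ip} - - [03/Apr/2024:10:00:00 +0000] "GET {url} HTTP/1.1" 200 5123'
SAMPLE_LOG = [
    FMT.format(ip="203.0.113.7", url="/ccms/view-user-detail.php?upid=4"),
    FMT.format(ip="203.0.113.9",
               url="/ccms/view-user-detail.php?upid=" + quote(PAGE_PAYLOAD)),
    FMT.format(ip="203.0.113.9", url="/ccms/view-user-detail.php?upid=7%27"),
    FMT.format(ip="203.0.113.7", url="/ccms/index.php?q=sleep(1)"),
]

if __name__ == "__main__":
    for client, value, kind in scan(SAMPLE_LOG):
        print(f"{kind:12} {client:15} upid={value!r}")
```

The same allowlist (digits only) is what a server-side check on “upid” would enforce before the value reaches a query; if the parameter is sent in a POST body instead, it will not appear in access logs and this check sees nothing.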

Conclusion: CVE-2024-30982 highlights the importance of robust security practices in software development and deployment. By addressing vulnerabilities like SQL Injection in the Cyber Cafe Management System, we can enhance the security posture of our digital infrastructure and mitigate the risk of exploitation. Let us remain vigilant in our efforts to protect sensitive data and uphold the integrity of our systems.

Reference:

Thank You For Reading!

By: Shanu Nirwan
