Platform
php
Component
eclass-platform
Fixed in
2.25.10.2.1
CVE-2019-9885 describes a critical SQL Injection vulnerability affecting the eClass platform. This flaw allows attackers to inject malicious SQL commands, potentially granting unauthorized access to sensitive data and compromising the entire system. The vulnerability impacts versions of eClass up to and including 2.25.10.2.1. A patch is available in version 2.25.10.2.1.
Successful exploitation of CVE-2019-9885 allows an attacker to execute arbitrary SQL commands against the eClass platform's database. This could lead to unauthorized access to student records, grades, course materials, and administrative credentials. An attacker could potentially modify or delete data, leading to significant disruption of the platform's functionality. The blast radius extends to all data stored within the database accessible by the vulnerable SQL query, potentially impacting the entire institution using the eClass platform. While no specific real-world exploitation has been publicly reported, the SQL Injection nature of the vulnerability makes it a high-risk target for malicious actors.
CVE-2019-9885 was publicly disclosed on July 25, 2019. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, indicating a moderate risk of exploitation. The relatively simple nature of SQL Injection vulnerabilities makes them attractive targets for both automated scanners and targeted attacks.
Educational institutions and organizations utilizing the eClass platform for student management are at significant risk. Specifically, those running legacy installations of eClass prior to version 2.25.10.2.1 are highly vulnerable. Shared hosting environments where multiple eClass instances reside on the same server are also at increased risk, as a compromise of one instance could potentially impact others.
• php: Examine web server access logs for requests to /admin/academic/studenview_left.php with unusual or malformed StudentID parameters containing SQL keywords (e.g., SELECT, UNION, DROP).
• database (mysql): If database access is possible, check for unauthorized database users or unusual table modifications that could indicate exploitation.
• generic web: Use curl to test the /admin/academic/studenview_left.php endpoint with various SQL injection payloads to observe error responses or unexpected behavior.
curl 'http://example.com/admin/academic/studenview_left.php?StudentID=1%20UNION%20SELECT%201,2,3'
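The log review described in the first detection item, as an added example that is not part of the original advisory: it parses Common Log Format lines (constructed sample entries, not real traffic), keeps only requests to the endpoint named above, decodes the StudentID parameter (including a double-encoded variant) and flags values containing the SQL keywords the advisory lists.

```python
"""Flag access-log requests that hit the eClass endpoint named in this advisory
with SQL keywords in the StudentID parameter (added detection example)."""
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/admin/academic/studenview_left.php"
# Keywords from the advisory's detection guidance; word-boundary and
# case-insensitive so that ordinary numeric IDs are never flagged.
SQL_KEYWORDS = re.compile(r"\b(SELECT|UNION|DROP|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)
# Common Log Format: host ident user [time] "METHOD url HTTP/x" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_student_id(url):
    """Return the decoded StudentID value when the request targets the
    vulnerable endpoint and the value contains an SQL keyword, else None."""
    parts = urlsplit(url)
    if parts.path != TARGET_PATH:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("StudentID", []):
        value = unquote_plus(raw)  # parse_qs decoded once; catch double-encoding
        if SQL_KEYWORDS.search(value):
            return value
    return None

def scan_log(lines):
    """Return (ip, timestamp, decoded StudentID) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        sid = suspicious_student_id(m.group("url"))
        if sid is not None:
            hits.append((m.group("ip"), m.group("ts"), sid))
    return hits

# Constructed sample lines: benign ID, single-encoded, double-encoded, other path
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jul/2019:10:00:01 +0000] "GET /admin/academic/studenview_left.php?StudentID=1042 HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Jul/2019:10:00:07 +0000] "GET /admin/academic/studenview_left.php?StudentID=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 734',
    '203.0.113.9 - - [25/Jul/2019:10:00:09 +0000] "GET /admin/academic/studenview_left.php?StudentID=1%2520union%2520select%25201 HTTP/1.1" 500 120',
    '203.0.113.5 - - [25/Jul/2019:10:00:11 +0000] "GET /index.php?StudentID=1%20UNION%20SELECT%201 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, ts, sid in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} StudentID={sid!r}")
```

A 500 response paired with a flagged value, as in the third sample line, is the pattern most worth escalating, since it suggests the injected input reached the database query.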
Exploit status
EPSS
0.63% (70th percentile)
CVSS vector
The primary mitigation for CVE-2019-9885 is to immediately upgrade the eClass platform to version 2.25.10.2.1 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing suspicious SQL injection patterns targeting the /admin/academic/studenview_left.php endpoint. Specifically, block requests containing SQL keywords (SELECT, INSERT, UPDATE, DELETE, DROP) within the StudentID parameter. Additionally, review and restrict access to the /admin/academic/studenview_left.php endpoint to authorized personnel only. After upgrading, verify the fix by attempting to inject a simple SQL query through the StudentID parameter and confirming that it is properly sanitized and does not execute.
Update the eClass platform to version 2.25.10.2.1 or later. This update fixes the SQL injection vulnerability in the StudentID parameter of /admin/academic/studenview_left.php.
CVE-2019-9885 is a critical SQL Injection vulnerability in eClass platform versions up to 2.25.10.2.1, allowing attackers to execute SQL commands via a vulnerable parameter.
You are affected if you are running eClass platform versions prior to 2.25.10.2.1. Immediately check your version and upgrade if necessary.
Upgrade to eClass platform version 2.25.10.2.1 or later to resolve this vulnerability. Implement input validation as a temporary workaround if upgrading is not immediately possible.
While no active exploitation campaigns have been publicly reported, the vulnerability's severity and ease of exploitation make it a significant risk.
Refer to the eClass security advisories on their official website for detailed information and updates regarding CVE-2019-9885.