Platform
php
Component
siadmin
Fixed in
1.1.1
CVE-2024-4991 is a critical SQL injection vulnerability in SiAdmin version 1.1. The flaw allows a remote attacker to inject SQL into a query issued by the application, potentially leading to unauthorized data access and manipulation. The injection point is the /modul/mod_pass/aksi_pass.php script of the password module. A patch is available in version 1.1.1.
The impact of CVE-2024-4991 is severe. A successful exploit allows an attacker to bypass authentication and directly query the SiAdmin database. This could result in the exfiltration of sensitive user data, including usernames, passwords, and potentially other confidential information stored within the application. Depending on the database schema, an attacker might also be able to modify or delete data, leading to data integrity issues and service disruption. The blast radius extends to all users of the vulnerable SiAdmin instance, as any external user can potentially trigger the injection.
CVE-2024-4991 was publicly disclosed on 2024-05-16. The vulnerability's ease of exploitation and the potential for significant data compromise suggest a medium probability of exploitation. No public proof-of-concept code has been widely reported as of this writing, but the vulnerability's nature makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations utilizing SiAdmin version 1.1 for user management or access control are at significant risk. This includes small to medium-sized businesses relying on SiAdmin for their internal systems, as well as shared hosting environments where multiple users might be running vulnerable instances of SiAdmin.
• php / web:
curl -s -X POST "http://<target>/modul/mod_pass/aksi_pass.php?nama_lengkap='; DROP TABLE users;--" | grep "error"
• generic web:
curl -s -X POST "http://<target>/modul/mod_pass/aksi_pass.php?nama_lengkap=test' OR 1=1 -- " | grep "test"
Exploit Status
EPSS
1.40% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-4991 is to upgrade SiAdmin to version 1.1.1 or later immediately. If upgrading is not immediately feasible, consider a Web Application Firewall (WAF) rule that filters SQL injection attempts aimed at the nama_lengkap input of /modul/mod_pass/aksi_pass.php. Server-side input validation and parameterized queries are what actually prevent this class of bug from recurring, so the code path should be fixed rather than only shielded. After upgrading, confirm the fix by re-testing the /modul/mod_pass/aksi_pass.php input with a SQL injection probe in a controlled environment and verifying that the request is rejected.
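To show what "validation plus parameterized queries" means for this bug, here is an added PHP illustration (not SiAdmin's actual source): a hypothetical password-change handler written with the string-concatenation pattern the advisory describes, beside the hardened version. The table and column names, the `pass_baru` field and the `$request` array are assumptions.

```php
<?php
// Added illustration, not SiAdmin's own code. Table/column names and the
// pass_baru field are assumptions; nama_lengkap is the input named in the advisory.

// BEFORE (vulnerable pattern): nama_lengkap is concatenated into the SQL text,
// so a single quote in the input changes the structure of the query.
function update_password_vulnerable(mysqli $db, array $request): bool
{
    $nama = $request['nama_lengkap'] ?? '';
    $hash = password_hash($request['pass_baru'] ?? '', PASSWORD_DEFAULT);
    $sql  = "UPDATE users SET password = '$hash' WHERE nama_lengkap = '$nama'";
    return (bool) $db->query($sql);
}

// AFTER (hardened): validate the shape of the input, then bind it as a
// parameter so the database driver never interprets it as SQL.
function update_password_fixed(mysqli $db, array $request): bool
{
    $nama = $request['nama_lengkap'] ?? '';
    // Allow-list: letters, marks, spaces and a few name punctuation characters,
    // bounded length. Reject anything else before touching the database.
    if (!preg_match("/^[\p{L}\p{M} .'-]{1,100}$/u", $nama)) {
        return false;
    }
    $pass = $request['pass_baru'] ?? '';
    if (strlen($pass) < 8) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE nama_lengkap = ?');
    if ($stmt === false) {
        return false;
    }
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $stmt->bind_param('ss', $hash, $nama);
    // Exactly one row should change; zero or many indicates a logic problem.
    return $stmt->execute() && $stmt->affected_rows === 1;
}
```

Feeding the page's probe values (`'; DROP TABLE users;--` or `test' OR 1=1 -- `) to the hardened handler fails the allow-list check and never reaches the query; even an input that passed the check would be bound as data, not parsed as SQL.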
Update SiAdmin to a patched version that fixes the SQL injection vulnerability. If no patched version is available, consider disabling or removing the 'mod_pass' module until a fix is published. Implement additional security measures, such as input validation and sanitization, to mitigate the risk of SQL injection.
CVE-2024-4991 is a critical SQL injection vulnerability affecting SiAdmin version 1.1, allowing attackers to potentially extract data from the database via the nama_lengkap input of aksi_pass.php.
If you are running SiAdmin version 1.1, you are vulnerable. Upgrade to version 1.1.1 to resolve the issue.
The recommended fix is to upgrade SiAdmin to version 1.1.1 or later. As a temporary workaround, implement a WAF rule to filter malicious SQL injection attempts.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential for active exploitation. Continuous monitoring is advised.
Refer to the SiAdmin project's official website or security advisory channels for the latest information and updates regarding CVE-2024-4991.