Fixed version
1.1.1
CVE-2024-4992 is an SQL injection vulnerability in SiAdmin version 1.1, classified as critical. A remote attacker can inject SQL through the nim parameter of /modul/modkuliah/aksikuliah.php, potentially gaining unauthorized access to database contents. SiAdmin version 1.1 is affected; version 1.1.1 contains the fix.
Successful exploitation could give an attacker full read access to the SiAdmin database and, depending on the privileges of the application's database account, the ability to modify or delete its contents: user credentials, student records, course information and other sensitive data. Escalating an SQL injection to command execution on the underlying server is possible in some configurations, for example when the database account holds the MySQL FILE privilege and can write a file into the web root with SELECT ... INTO OUTFILE, but that depends on the deployment rather than on the flaw itself. Even without that escalation the impact is severe, given the potential for bulk data exfiltration and disruption of the service.
CVE-2024-4992 was publicly disclosed on 2024-05-16. The flaw is easy to exploit (a single manipulated HTTP parameter), and together with its severity rating this suggests a high probability of exploitation attempts. No public proof-of-concept (PoC) code has been observed as of this writing, but PoCs for injection bugs of this kind tend to appear quickly. Monitor security advisories and threat intelligence feeds for indications of active exploitation.
Educational institutions and other organizations running SiAdmin version 1.1 for student management or course administration are at significant risk. Shared hosting deployments are a particular concern: if SiAdmin's database account or web server user is shared with other applications, a compromise of SiAdmin can expose those applications as well.
• Web server logs: examine access logs for requests to /modul/modkuliah/aksikuliah.php whose nim parameter contains quote characters, comment sequences or SQL keywords. Payloads are usually URL-encoded, so match %27 and %20 as well as the literal characters:
  grep -iE "aksikuliah\.php\?[^ ]*nim=[^& ]*(%27|'|%20|--|union|select)" /var/log/apache2/access.log
• Database: check the SiAdmin database for unexpected tables or modified data that could indicate a successful injection. The schema and table names below are placeholders; replace them with those of your installation:
  SELECT table_name FROM information_schema.tables WHERE table_schema = 'siadmin' AND table_name NOT IN ('users', 'courses', 'students');
• Network: monitor traffic between the web server and the database for unusual queries (for example UNION SELECT statements or reads from information_schema). Wireshark or tcpdump can capture the traffic if the database connection is not encrypted.
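The log check above is spelled out below as an added example (not part of the original page or of the SiAdmin project) in Python rather than a one-line grep, so that URL-encoded payloads are decoded before matching and each hit is tied to a client address and a reason. The sample log lines are constructed, the assumption that a legitimate nim is purely numeric is a guess about the deployment, and the keyword list is a starting point rather than a complete signature set.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in Apache combined-log style; not real SiAdmin traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/May/2024:10:01:12 +0000] "GET /modul/modkuliah/aksikuliah.php?nim=20210001 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [16/May/2024:10:02:40 +0000] "GET /modul/modkuliah/aksikuliah.php?nim=20210001%27%20OR%201%3D1--%20- HTTP/1.1" 200 9812 "-" "curl/8.4.0"
10.0.0.9 - - [16/May/2024:10:02:45 +0000] "GET /modul/modkuliah/aksikuliah.php?nim=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 200 4410 "-" "curl/8.4.0"
10.0.0.7 - - [16/May/2024:10:03:01 +0000] "GET /modul/modkuliah/aksikuliah.php?nim=20210002 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
10.0.0.7 - - [16/May/2024:10:03:30 +0000] "GET /index.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""

VULNERABLE_PATH = "/modul/modkuliah/aksikuliah.php"

# Assumption: a legitimate nim (student ID) is purely numeric. Adjust for your deployment.
LEGIT_NIM = re.compile(r"\d{1,20}")

# Characters and keywords that have no business in a student ID but are typical of injection payloads.
SQLI_HINTS = re.compile(
    r"""['"]|--|/\*|\b(?:union|select|or|and|sleep|benchmark|information_schema)\b""",
    re.IGNORECASE,
)

# Pull the request target out of the quoted request line.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_nim_requests(log_text):
    """Scan access-log text and return one (client_ip, decoded_nim, reason) tuple for each
    request to the vulnerable script whose nim value does not look like a student ID."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        url = urlparse(m.group(1))
        if url.path != VULNERABLE_PATH:
            continue
        client_ip = line.split(" ", 1)[0]
        # parse_qs percent-decodes, so %27 becomes ' and %20 becomes a space before inspection.
        for nim in parse_qs(url.query, keep_blank_values=True).get("nim", []):
            if LEGIT_NIM.fullmatch(nim):
                continue
            reason = "sqli-pattern" if SQLI_HINTS.search(nim) else "malformed-nim"
            findings.append((client_ip, nim, reason))
    return findings


if __name__ == "__main__":
    for ip, nim, reason in suspicious_nim_requests(SAMPLE_LOG):
        print(f"{ip}\t{reason}\tnim={nim!r}")
```

Anything flagged as malformed-nim rather than sqli-pattern is worth a second look too: an attacker probing for the bug often starts with a single stray character before sending a full payload, and a repeated malformed value from one address is an early signal.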
disclosure
Exploitation status: not listed
EPSS: 1.40% (80th percentile)
CISA SSVC: not listed
CVSS vector: not listed
The primary mitigation for CVE-2024-4992 is to upgrade SiAdmin to version 1.1.1 immediately, which contains the fix. If upgrading is not immediately feasible, a Web Application Firewall (WAF) rule that blocks quote characters, comment sequences and SQL keywords in the nim parameter of /modul/modkuliah/aksikuliah.php reduces exposure, but treat it as a stopgap: WAF signatures for SQL injection are routinely bypassed. The durable fix is in the code: the nim value must reach the database through a prepared statement with a bound parameter rather than being concatenated into the query string, and should be validated against the expected student-ID format before use. Also review the privileges of the database account SiAdmin connects with; a least-privilege account (no FILE privilege, no access to other schemas, no DDL rights) limits what a successful injection can reach.
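An added example (not SiAdmin's code, whose implementation this page does not show) contrasting three versions of a nim lookup: a concatenated query of the kind that produces CVE-2024-4992, the same query with a bound parameter, and the bound parameter behind allow-list validation. Python with an in-memory SQLite database stands in for the PHP/MySQL stack so that it runs offline; the mahasiswa table, its columns and the eight-digit nim format are assumptions.

```python
import re
import sqlite3


def make_demo_db():
    """Constructed in-memory database; table and column names are illustrative, not SiAdmin's schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE mahasiswa (nim TEXT PRIMARY KEY, nama TEXT);
        INSERT INTO mahasiswa VALUES ('20210001', 'Alice'), ('20210002', 'Bob'), ('20210003', 'Carol');
    """)
    return conn


def lookup_vulnerable(conn, nim):
    """Query built by string concatenation: whatever the client sends becomes part of the SQL text.
    This illustrates the bug class behind CVE-2024-4992; it is not SiAdmin's code."""
    sql = "SELECT nim, nama FROM mahasiswa WHERE nim = '" + nim + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, nim):
    """Prepared statement with a bound parameter: the driver passes nim as data, never as SQL,
    so an injection payload simply matches no row."""
    return conn.execute("SELECT nim, nama FROM mahasiswa WHERE nim = ?", (nim,)).fetchall()


# Assumption: a legitimate nim is exactly eight digits; adjust to your institution's ID format.
NIM_FORMAT = re.compile(r"\d{8}")


def lookup_hardened(conn, nim):
    """Allow-list validation in front of the parameterized query: junk is rejected before it
    reaches the database at all, which also gives a clean event to alert on."""
    if not NIM_FORMAT.fullmatch(nim):
        raise ValueError(f"rejected nim value: {nim!r}")
    return lookup_parameterized(conn, nim)


if __name__ == "__main__":
    conn = make_demo_db()
    payload = "' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(conn, payload))     # every row comes back
    print("parameterized:", lookup_parameterized(conn, payload))  # []
    try:
        lookup_hardened(conn, payload)
    except ValueError as exc:
        print("hardened     :", exc)
```

The parameterized query alone is what closes the injection; the format check in front of it is defence in depth, and its rejections are exactly the events the detection rules above look for in the access log.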
Update SiAdmin to a patched version that fixes the SQL injection vulnerability. If the patched version cannot be deployed, consider disabling or removing the affected module (mod_kuliah) until a fix is in place. Check the vendor's website for security updates and patches.
CVE-2024-4992 is a critical SQL injection vulnerability in SiAdmin version 1.1 that allows attackers to inject SQL via the nim parameter of /modul/modkuliah/aksikuliah.php and potentially access sensitive data.
If you are running SiAdmin version 1.1, you are vulnerable to this SQL Injection flaw. Upgrade to version 1.1.1 to mitigate the risk.
The recommended fix is to upgrade SiAdmin to version 1.1.1. As a temporary workaround, implement a WAF rule to filter malicious SQL queries targeting the vulnerable parameter.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. Continuous monitoring is advised.
Refer to the SiAdmin project's official website or security advisory page for the latest information and updates regarding CVE-2024-4992.