CVE-2024-35584
published 2024-10-15

CVE-2024-35584: SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition…

Priority: P2 (64)  |  Severity: High, 8.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: flagged on the source page (a nuclei template is referenced under Detection & IOCs)
EPSS: 6.52% (92.9th percentile)
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php and functions/HackingLogFnc.php in OpenSIS Community Edition 8.0 through 9.1, and possibly earlier versions. An authenticated user can perform SQL injection because the input is not sanitised: the application takes the arbitrary value of the X-Forwarded-For request header and appends it directly to a SQL INSERT statement. Because X-Forwarded-For is set by the client unless a trusted reverse proxy overwrites it, the injected value is fully attacker-controlled on any request the user is allowed to make.
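The flaw class described above, as an added example that is not OpenSIS code: a hypothetical request-logging routine that splices the X-Forwarded-For value into an INSERT, beside the parameterised form and an IP validator for the header. The schema, the table and column names (hacking_log, users) and the stored hash are constructed for the demonstration. The injected value does not need stacked queries: a scalar subquery inside VALUES is enough to copy another table's data into a row the attacker can later read back through the application.

```python
import ipaddress
import sqlite3

# Constructed schema standing in for an application that records request
# metadata, including the client IP taken from X-Forwarded-For. Table and
# column names are assumptions for this example, not OpenSIS's schema.
SCHEMA = """
CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT);
CREATE TABLE hacking_log (ip TEXT, detail TEXT);
INSERT INTO users VALUES ('admin', 'sha256$deadbeef');
"""

# Attacker-supplied X-Forwarded-For value. It closes the quoted ip value,
# supplies a scalar subquery as the second column, closes the row, and opens
# a second row so the trailing ", 'failed login')" written by the application
# still parses. No comment or stacked statement is required.
PAYLOAD = "1.2.3.4', (SELECT password_hash FROM users WHERE username='admin')), ('x"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def log_attempt_vulnerable(conn, xff):
    """Vulnerable pattern: header value concatenated into the INSERT text."""
    sql = f"INSERT INTO hacking_log (ip, detail) VALUES ('{xff}', 'failed login')"
    conn.execute(sql)
    conn.commit()


def log_attempt_safe(conn, xff):
    """Fixed pattern: bound parameter, the header value is data, never SQL."""
    conn.execute(
        "INSERT INTO hacking_log (ip, detail) VALUES (?, 'failed login')", (xff,)
    )
    conn.commit()


def client_ip(xff):
    """Return the first hop of X-Forwarded-For if it parses as an IP, else None.

    Parameterisation already removes the injection; validating the value as an
    address additionally keeps garbage out of the log and out of any later
    code that trusts the stored ip column.
    """
    first = xff.split(",", 1)[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def rows_for_ip(conn, ip):
    return conn.execute(
        "SELECT ip, detail FROM hacking_log WHERE ip = ?", (ip,)
    ).fetchall()


if __name__ == "__main__":
    vuln = make_db()
    log_attempt_vulnerable(vuln, PAYLOAD)
    print("vulnerable:", rows_for_ip(vuln, "1.2.3.4"))  # detail column holds the admin hash

    safe = make_db()
    log_attempt_safe(safe, PAYLOAD)
    print("parameterised:", rows_for_ip(safe, PAYLOAD))  # payload stored as a literal string
    print("validated ip:", client_ip(PAYLOAD), client_ip("203.0.113.5, 10.0.0.1"))
```

The vulnerable branch shows why "an INSERT into a log table" is not a low-value sink: the attacker chooses what the row contains, and the row is later rendered to someone with read access. SQLite is used here only so the example runs offline; the concatenation bug is identical in PHP with mysqli or PDO when the query string is built before it is sent.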

Affected (2 ranges)

Vendor   Product   Version range   Fixed in
os4ed    opensis   (not listed)    (not listed)
os4ed    opensis   (not listed)    (not listed)

Detection & IOCs (extracted from sources)

Header: X-Forwarded-For
Path: Ajax.php
Path: ForWindow.php
Path: ForExport.php
Path: Modules.php
Path: functions/HackingLogFnc.php
  • Detect SQL injection attempts via the X-Forwarded-For HTTP header targeting OpenSIS endpoints; inspect INSERT statements for unsanitised header values injected directly into SQL.
  • Fingerprint OpenSIS instances by checking the HTTP response body for the string 'openSIS' and for the presence of the 'donetext:' and "'Done'" strings, with HTTP 200 status on both probes.
  • Alert on HTTP requests to Ajax.php, ForWindow.php, ForExport.php, Modules.php, or functions/HackingLogFnc.php that include SQL metacharacters or injection payloads within the X-Forwarded-For header.
  • Exploitation requires an authenticated session; unauthenticated exploitation is not indicated by the available sources.
  • The affected version range is OpenSIS Community Edition 8.0 through 9.1 and possibly earlier versions; version fingerprinting from the nuclei template targets openSIS ≤ 7, suggesting broader coverage may be needed.
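Detection logic for the two alerting bullets above, as an added example that is not from the page or the OpenSIS project. It scans web-server access-log lines and assumes a combined-style format with the X-Forwarded-For value appended as a trailing quoted field (as nginx does with "$http_x_forwarded_for"; adjust LOG_RE to your proxy's layout). It generalises beyond the listed paths: any request whose X-Forwarded-For is not a list of IP addresses is reported, with SQL-looking values to the advisory's endpoints rated highest. The log lines are constructed.

```python
import ipaddress
import re

# Endpoints named in the advisory, matched as path suffixes so a deployment
# prefix such as /opensis/ does not hide them.
TARGET_PATHS = (
    "Ajax.php", "ForWindow.php", "ForExport.php", "Modules.php",
    "functions/HackingLogFnc.php",
)

# Quotes, comment openers, parentheses and a few SQL keywords: enough to catch
# payloads that break out of a quoted INSERT value. Tune against your traffic.
SQL_META = re.compile(
    r"""['"`;()]|--|/\*|\b(?:select|union|insert|update|delete|sleep|benchmark|or|and)\b""",
    re.IGNORECASE,
)

# Assumed log layout (an assumption of this example): combined log format with
# X-Forwarded-For as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)(?:\?[^ "]*)? HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>.*)"$'
)


def xff_is_clean(xff):
    """True if the header is absent ('-') or every comma-separated hop is an IP."""
    if xff.strip() in ("", "-"):
        return True
    try:
        for hop in xff.split(","):
            ipaddress.ip_address(hop.strip())
        return True
    except ValueError:
        return False


def path_targeted(path):
    return any(path == t or path.endswith("/" + t) for t in TARGET_PATHS)


def analyze(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    xff = m.group("xff")
    if xff_is_clean(xff):
        return None
    targeted = path_targeted(m.group("path"))
    if SQL_META.search(xff):
        severity = "high" if targeted else "medium"
        reason = "SQL metacharacters in X-Forwarded-For"
    else:
        severity = "low"
        reason = "non-IP value in X-Forwarded-For"
    return {
        "src": m.group("src"), "user": m.group("user"), "ts": m.group("ts"),
        "path": m.group("path"), "status": m.group("status"),
        "severity": severity, "reason": reason, "xff": xff,
    }


def scan(lines):
    return [f for f in (analyze(line) for line in lines) if f]


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - teacher1 [15/Oct/2024:10:00:01 +0000] "GET /opensis/Modules.php?modname=users/User.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0" "198.51.100.7"',
    '203.0.113.5 - teacher1 [15/Oct/2024:10:00:02 +0000] "POST /opensis/Modules.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "1.2.3.4\', (SELECT password FROM users LIMIT 1)), (\'x"',
    '203.0.113.9 - - [15/Oct/2024:10:00:03 +0000] "GET /opensis/index.php HTTP/1.1" 200 2048 "-" "curl/8.0" "1.2.3.4\' OR \'1\'=\'1"',
    '203.0.113.5 - admin [15/Oct/2024:10:00:04 +0000] "GET /opensis/Ajax.php HTTP/1.1" 200 77 "-" "Mozilla/5.0" "unknown, 10.0.0.1"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['user']}@{f['src']} {f['path']} :: {f['reason']} :: {f['xff']!r}")
```

The "low" tier matters operationally: a value such as "unknown" in X-Forwarded-For is common from misconfigured proxies, so it should be counted rather than paged on, while the same field carrying quotes or a subquery to Modules.php is a direct match for the advisory. Logging the authenticated user alongside the source IP is what makes the finding actionable, since exploitation requires a session.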