CVE-2024-35584
Published 2024-10-15
Priority P264 · high · CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 6.52% (92.9th percentile)
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. An authenticated user can perform SQL injection due to the lack of sanitisation. The application takes an arbitrary value from the "X-Forwarded-For" header and appends it directly to a SQL INSERT statement, leading to SQL injection.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| os4ed | opensis | — | — |
| os4ed | opensis | — | — |
Detection & IOCs (extracted from sources)
- Detect SQL injection attempts via the X-Forwarded-For HTTP header targeting OpenSIS endpoints; inspect INSERT statements for unsanitised header values injected directly into SQL.
- Fingerprint OpenSIS instances by checking HTTP response body for the string 'openSIS' and the presence of 'donetext:' and "'Done'" strings, with HTTP 200 status on both probes.
- Alert on HTTP requests to Ajax.php, ForWindow.php, ForExport.php, Modules.php, or functions/HackingLogFnc.php that include SQL metacharacters or injection payloads within the X-Forwarded-For header.
- Exploitation requires an authenticated session; unauthenticated exploitation is not indicated by the available sources.
- Affected version range is OpenSIS Community Edition 8.0 through 9.1 and possibly earlier versions; version fingerprinting from the nuclei template targets openSIS ≤ 7, suggesting broader coverage may be needed.
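The alerting rule above can be run over web server logs. The following is an added example, not code from this page or from OpenSIS. It assumes a constructed log layout in which the X-Forwarded-For value is the last quoted field, uses hypothetical function names, and goes slightly beyond matching SQL metacharacters by flagging any header value that is not a plain list of IP addresses.

```python
import ipaddress
import re

# Endpoints named in the CVE-2024-35584 description.
WATCHED = ("/Ajax.php", "/ForWindow.php", "/ForExport.php", "/Modules.php",
           "/functions/HackingLogFnc.php")

# Assumed log layout (constructed for this example): a combined-style line
# with the X-Forwarded-For value appended as the last quoted field.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<xff>.*)"$')


def xff_is_wellformed(value):
    """True if value is empty, '-', or a comma-separated list of IP literals."""
    if value in ("", "-"):
        return True
    for hop in value.split(","):
        hop = hop.strip()
        if hop.lower() == "unknown":  # placeholder some proxies emit
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return False
    return True


def suspicious_requests(lines):
    """Return (peer, path, xff) for watched endpoints whose XFF is not an IP list."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["uri"].split("?", 1)[0]
        if path.endswith(WATCHED) and not xff_is_wellformed(m["xff"]):
            hits.append((m["peer"], path, m["xff"]))
    return hits


# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '198.51.100.4 - - [15/Oct/2024:10:00:00 +0000] "GET /Modules.php?modname=x HTTP/1.1" 200 512 "203.0.113.7, 10.0.0.2"',
    '198.51.100.9 - - [15/Oct/2024:10:00:05 +0000] "POST /Ajax.php HTTP/1.1" 200 87 "203.0.113.7\' constructed-non-ip-text"',
    '198.51.100.9 - - [15/Oct/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 900 "not-an-ip"',
]
```

Only the second sample line is reported: the first carries a well-formed header, and the third targets a path outside the affected list.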
No detection rules found.
Nuclei
openSIS < 9.1 - SQL Injection
nuclei·CVSS 8.8
CVE-2024-35584 [HIGH] openSIS < 9.1 - SQL Injection
openSIS =7
- contains(body_1, "openSIS") && contains_all(body_2, "donetext:", "\'Done\'")
- status_code_1 == 200 && status_code_2 == 200
condition: and
# digest: 4a0a00473045022100ee6d88e11d47d067ee3a0843c73c845c3e5c148096d5842866b9700b282793e702206489bea9c70e0e39d8ecce4ec9fbdc1aca60a8253e6795dfca5d9878760f02db:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
2024-10-15
Published