CVE-2024-36597
Published 2024-06-14

CVE-2024-36597: Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
Priority: P3 (55) · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: available (see references below)
EPSS: 2.36% (81.6th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| projectworlds | life_insurance_management_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor GET requests to /lims/clientStatus.php containing SQL injection patterns in the client_id parameter, specifically URL-encoded single quotes (%27) followed by OR/comment sequences (e.g., OR 1=1 -- a).
- Alert on SQL injection payloads in the client_id parameter at clientStatus.php, as this is the confirmed vulnerable injection point.
- Inspect navigation flow: requests to /clientStatus.php originating from /client.php (via the 'Client Status' action) are the expected attack path.
- The exploit was tested on Linux with the application hosted under the /lims/ path; deployments under a different base path may require adjusted detection rules.
- Authentication is required prior to exploitation; the attacker must have valid credentials to reach the vulnerable clientStatus.php endpoint.
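The detection guidance above can be turned into a small log-scanning rule. The following Python is an added example written for this page, not code from the CVE record, the exploit author, or the vendor: it parses Common Log Format access-log lines (the four sample lines are constructed), keeps only requests to clientStatus.php under a configurable base path (defaulting to /lims/ as the page notes), and flags a client_id value whose URL-decoded form contains a quote followed by OR/AND or a SQL comment opener. It goes slightly beyond the page by also decoding a second time (to catch double-encoded payloads) and by matching UNION ... SELECT, both of which are the author's additions rather than patterns the page lists.

```python
"""Access-log detector for SQL injection probes against clientStatus.php (CVE-2024-36597).

Added example, not code from the page or the vendor. Log lines are constructed.
The base path /lims/ comes from the page and is configurable because the page
notes that deployments under another base path need adjusted rules.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Common Log Format: src ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# A quote followed by a boolean operator or a comment opener (the page's pattern),
# plus UNION ... SELECT as an author-added generalisation.
SQLI_RE = re.compile(
    r"""['"]\s*(?:or|and)\b|['"]\s*(?:--|#|/\*)|\bunion\b.{0,40}\bselect\b""",
    re.I,
)

ENDPOINT = "clientStatus.php"
PARAM = "client_id"


def inspect_request(line, base_path="/lims/"):
    """Return a finding dict for a suspicious request to the vulnerable endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    url = urlsplit(m.group("target"))
    if not (url.path.startswith(base_path) and url.path.endswith(ENDPOINT)):
        return None  # some other page; the page names only clientStatus.php
    params = parse_qs(url.query, keep_blank_values=True)  # decodes %xx once
    for once in params.get(PARAM, []):
        twice = unquote_plus(once)  # second decode catches double-encoded payloads
        if SQLI_RE.search(once) or SQLI_RE.search(twice):
            return {
                "src": m.group("src"),
                "time": m.group("ts"),
                "status": int(m.group("status")),
                "client_id": twice,
            }
    return None


def scan(lines, base_path="/lims/"):
    """Run inspect_request over many lines and return only the findings."""
    return [f for f in (inspect_request(l, base_path) for l in lines) if f]


# Constructed sample log: one benign lookup, a plain probe, a double-encoded probe,
# and an unrelated page load.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Jun/2024:10:01:02 +0000] "GET /lims/clientStatus.php?client_id=7 HTTP/1.1" 200 512',
    '10.0.0.9 - - [14/Jun/2024:10:01:09 +0000] "GET /lims/clientStatus.php?client_id=7%27%20OR%201%3D1%20--%20a HTTP/1.1" 200 9031',
    '10.0.0.9 - - [14/Jun/2024:10:01:15 +0000] "GET /lims/clientStatus.php?client_id=7%2527%2520OR%25201%253D1%2520--%2520a HTTP/1.1" 200 9031',
    '10.0.0.5 - - [14/Jun/2024:10:02:00 +0000] "GET /lims/client.php HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit on a 200 response with a much larger byte count than the benign lookup (as in the constructed lines) is worth treating as a likely successful extraction rather than a blocked probe, since the page records that the endpoint reflects query results to an authenticated user.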
No detection rules found.
No writeups or analysis indexed.
References:
- https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36597
- https://www.exploit-db.com/exploits/52046