CVE-2024-36597
published 2024-06-14

CVE-2024-36597: Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.

Priority: P3 55 · Severity: high 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.36% (81.6th percentile)

Affected

1 range
Vendor          Product                            Version range    Fixed in
projectworlds   life_insurance_management_system

Detection & IOCs (extracted from sources)

path: /lims/clientStatus.php
command: client_id=1511986023%27%20OR%201=1%20--%20a
url: https://projectworlds.in/life-insurance-management-system-in-php/
  • Monitor GET requests to /lims/clientStatus.php containing SQL injection patterns in the client_id parameter, specifically URL-encoded single quotes (%27) followed by OR/comment sequences (e.g., OR 1=1 -- a).
  • Alert on SQL injection payloads in the client_id parameter at clientStatus.php, as this is the confirmed vulnerable injection point.
  • Inspect navigation flow: requests to /clientStatus.php originating from /client.php (via 'Client Status' action) are the expected attack path.
  • The exploit was tested on Linux with the application hosted under the /lims/ path; deployments under a different base path may require adjusted detection rules.
  • Authentication is required prior to exploitation; the attacker must have valid credentials to reach the vulnerable clientStatus.php endpoint.
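The monitoring rule above, worked through as a small log scanner. This is an added example, not part of the advisory or of the Aegon Life project; it assumes a combined-format web access log, matches on the clientStatus.php path regardless of base path, decodes the client_id value (including double URL encoding), and flags both the quote-then-OR/comment shape and any non-numeric client_id, since a legitimate id is expected to be numeric.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Assumption: Apache/nginx combined log format; only the request field is used.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Quote followed (after any non-quote text) by OR/AND/UNION or a SQL comment marker.
SQLI_RE = re.compile(r"""['"][^'"]*?(?:\b(?:OR|AND|UNION)\b|--|/\*|#)""", re.IGNORECASE)


def classify(line: str):
    """Return (reason, decoded client_id) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    # Match the endpoint under any base path (/lims/ in the tested deployment).
    if not url.path.endswith("/clientStatus.php"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("client_id", []):
        decoded = unquote(value)  # parse_qs decoded once; this catches %2527-style double encoding
        if SQLI_RE.search(decoded):
            return ("sqli-pattern", decoded)
        if not decoded.isdigit():
            return ("non-numeric-id", decoded)
    return None


def scan_log(lines):
    """Return [(line_number, reason, decoded_value)] for every flagged line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((n, *result))
    return hits


# Constructed sample log lines; the first carries the payload quoted in the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Jun/2024:10:00:01 +0000] "GET /lims/clientStatus.php?client_id=1511986023%27%20OR%201=1%20--%20a HTTP/1.1" 200 512',
    '10.0.0.6 - - [14/Jun/2024:10:00:02 +0000] "GET /lims/clientStatus.php?client_id=1511986023 HTTP/1.1" 200 2048',
    '10.0.0.7 - - [14/Jun/2024:10:00:03 +0000] "GET /app/clientStatus.php?client_id=1%2527%2520OR%25201%3D1 HTTP/1.1" 200 512',
    '10.0.0.8 - - [14/Jun/2024:10:00:04 +0000] "GET /lims/client.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```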