CVE-2024-51211
Published 2024-11-08
Priority: P180 · Critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 2.19% (80.2th percentile)
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| os4ed | opensis | — | — |
| os4ed | opensis | — | — |
Detection & IOCs (extracted from sources)
URL: /ResetUserInfo.php?user_type_form=username&uname_user_type=uname_student&username_stn_id=21+OR+3720%3dBENCHMARK(7000000,MD5(0x6e48446e))&pass=1&month_username_dob=x&day_username_dob=x&year_username_dob=x
Command: username_stn_id=21+OR+3720%3dBENCHMARK(7000000,MD5(0x6e48446e))
- Time-based SQL injection detection: look for HTTP GET requests to /ResetUserInfo.php with a BENCHMARK() payload in the username_stn_id parameter causing a response duration >= 7 seconds.
- Confirm exploitation by checking that the HTTP 200 response body contains both 'forgotpass.php' and 'opensis' (case-insensitive), indicating a valid openSIS instance was targeted.
- Use FOFA/Shodan queries 'title="openSIS"' or 'title:"openSIS"' to identify exposed openSIS instances for proactive scanning.
- The vulnerable parameter is $username_stn_id in the GET request to ResetUserInfo.php; monitor web logs for BENCHMARK() or OR-based SQL injection patterns in this parameter.
- The vulnerability is unauthenticated (PR:N, UI:N) and network-reachable (AV:N), meaning no credentials are required to exploit it against any exposed openSIS Classic v9.1 instance.
- The exploit uses a time-based blind SQL injection technique via MySQL's BENCHMARK() function with 7,000,000 iterations; detection rules should account for a response delay threshold of >= 7 seconds.
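The log-monitoring rule described above, as an added example that is not part of the indexed sources: it parses Combined Log Format access-log lines with a trailing request time (nginx-style $request_time, an assumption), looks only at requests to ResetUserInfo.php, decodes the username_stn_id parameter, and flags BENCHMARK()/SLEEP() or OR-based values, escalating to "likely-exploited" when the server took >= 7 seconds to answer with HTTP 200. The sample log lines and IPs are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access log: Combined Log Format plus a trailing nginx-style
# $request_time in seconds. IPs and paths are illustrative, not real observations.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Nov/2024:10:01:02 +0000] "GET /opensis/ResetUserInfo.php?user_type_form=username&uname_user_type=uname_student&username_stn_id=21+OR+3720%3dBENCHMARK(7000000,MD5(0x6e48446e))&pass=1&month_username_dob=x&day_username_dob=x&year_username_dob=x HTTP/1.1" 200 5120 "-" "curl/8.0" 7.412
198.51.100.7 - - [08/Nov/2024:10:02:15 +0000] "GET /opensis/ResetUserInfo.php?user_type_form=username&uname_user_type=uname_student&username_stn_id=1042&pass=1&month_username_dob=5&day_username_dob=9&year_username_dob=2008 HTTP/1.1" 200 4980 "-" "Mozilla/5.0" 0.093
203.0.113.9 - - [08/Nov/2024:10:03:40 +0000] "GET /opensis/ResetUserInfo.php?user_type_form=username&uname_user_type=uname_student&username_stn_id=1%27+OR+SLEEP(7)--+&pass=1 HTTP/1.1" 200 5120 "-" "python-requests/2.31" 7.05
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)
# Time-delay functions and OR-based tautologies, per the detection notes above.
TIME_FUNC_RE = re.compile(r"\b(BENCHMARK|SLEEP)\s*\(", re.IGNORECASE)
TAUTOLOGY_RE = re.compile(r"\bOR\b", re.IGNORECASE)
SLOW_RESPONSE_SEC = 7.0  # threshold matching the 7,000,000-iteration BENCHMARK payload

def classify(line):
    """Return a finding dict for a suspicious ResetUserInfo.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith("/resetuserinfo.php"):
        return None
    # parse_qs percent-decodes and turns '+' into spaces, so the value is
    # inspected the way the application's SQL layer would receive it.
    value = parse_qs(query, keep_blank_values=True).get("username_stn_id", [""])[0]
    if value.strip().isdigit():
        return None  # a plain numeric student id is the expected, benign shape
    time_func = bool(TIME_FUNC_RE.search(value))
    tautology = bool(TAUTOLOGY_RE.search(value))
    if not (time_func or tautology):
        return None
    slow = float(m.group("rt")) >= SLOW_RESPONSE_SEC
    verdict = "likely-exploited" if time_func and slow and m.group("status") == "200" else "suspicious"
    return {"ip": m.group("ip"), "ts": m.group("ts"), "value": value,
            "time_based": time_func, "slow_response": slow, "verdict": verdict}

def scan(log_text):
    """Run classify() over every line; returns the list of findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The response-body check from the notes (looking for 'forgotpass.php' and 'opensis' in the HTTP 200 reply) needs full-packet capture or a reverse-proxy body log; plain access logs only give you the timing and status signal used here.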
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-cmj4-q56c-v7p7: SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9
ghsa_unreviewed · 2024-11-08 · CWE-89 · CRITICAL
VulnCheck
OS4ED openSIS-Classic SQL Injection Vulnerability
vulncheck · 2024 · CVSS 9.8 · CRITICAL
Affected: OS4ED openSIS-Classic
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-05&host_type=src&vulnerability=cve-2024-51211; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-06-08&host_type=src&vulnerability=cve
No detection rules found.
Nuclei
openSIS Classic v9.1 - SQL Injection
nuclei · CVSS 9.8 · CRITICAL
Template:

```yaml
id: CVE-2024-51211

info:
  name: openSIS Classic v9.1 - SQL Injection
  author: Haliteroglu
  severity: critical
  description: |
    SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.
  impact: |
    Attackers can exploit this vulnerability to compromise sy
```
No writeups or analysis indexed.
Timeline
- 2024-11-08: Published
- Exploited in the wild