CVE-2020-10563

9.8 CRITICAL

📋 TL;DR

CVE-2020-10563 is a SQL injection vulnerability in DEVOME GRR's frmcontactlist.php file that allows attackers to execute arbitrary SQL commands. This affects all users of GRR versions before 3.4.1c. Successful exploitation could lead to data theft, modification, or deletion.

💻 Affected Systems

Products:
  • DEVOME GRR
Versions: All versions before 3.4.1c
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PHP environment with database connectivity.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data exfiltration, modification, or deletion; potential remote code execution if database functions allow it.

🟠 Likely Case: Unauthorized access to sensitive contact data, potential privilege escalation, and data manipulation.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.1c

Vendor Advisory: https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c

Restart Required: No

Instructions:

1. Download GRR version 3.4.1c from GitHub releases.
2. Replace existing installation files with the patched version.
3. Verify the frmcontactlist.php file has been updated.

🔧 Temporary Workarounds

Input Validation Filter (all): Implement strict input validation for all user inputs in frmcontactlist.php.

WAF Rule (all): Deploy web application firewall rules to block SQL injection patterns.

🧯 If You Can't Patch

  • Restrict access to frmcontactlist.php to authorized users only
  • Implement network segmentation to isolate the GRR application

🔍 How to Verify

Check if Vulnerable:

Check whether the GRR version is below 3.4.1c, and examine frmcontactlist.php for database queries that are built from user input without parameterized (prepared) statements.

Check Version:

Check GRR configuration files or admin interface for version information

Verify Fix Applied:

Verify that the GRR version is 3.4.1c or higher and that commit 2c6edacd9e15c75a0c2ef472470481ffb6edc7d8 is present in the deployed code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or SQL errors in web server logs

Network Indicators:

  • Unusual database connection patterns from web server
  • SQL injection patterns in HTTP requests

SIEM Query:

source="web_logs" AND ("sql" OR "injection" OR "frmcontactlist.php")
