CVE-2023-24206

9.8 CRITICAL

📋 TL;DR

Davinci v0.3.0-rc contains a SQL injection vulnerability in the copyDisplay function that allows attackers to execute arbitrary SQL commands. This affects all deployments using the vulnerable version. Attackers could potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • Davinci
Versions: v0.3.0-rc
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Davinci v0.3.0-rc release candidate version

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data destruction, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized data access and potential data manipulation in the Davinci database.

🟢

If Mitigated

Limited impact with proper input validation and database permission restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via copyDisplay function requires some user interaction but is technically simple to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.3.0 or later

Vendor Advisory: https://github.com/edp963/davinci/issues/2320

Restart Required: Yes

Instructions:

1. Upgrade Davinci to v0.3.0 or later.
2. Restart the Davinci service.
3. Verify the fix by testing the copyDisplay function.

🔧 Temporary Workarounds

Input Validation Filter

Implement input validation for the copyDisplay function parameters

Modify source code to sanitize user inputs before SQL execution
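The following is an added illustration of the two halves of this workaround, not Davinci's own code (Davinci is a Java code base, and its real copyDisplay implementation, schema and endpoint are not reproduced here). It uses an in-memory SQLite table with a constructed "display" schema as a stand-in. The unsafe function shows the concatenation pattern that makes a copy routine injectable; the safe function applies an allow-list check on the display name and then binds the parameters, so the database never interprets user input as SQL. The table name, column names and regex are assumptions chosen for the example.

```python
import re
import sqlite3

# Constructed stand-in schema for the example; not Davinci's real tables.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE display (id INTEGER PRIMARY KEY, name TEXT, project_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO display (name, project_id) VALUES (?, ?)",
        [("sales", 1), ("ops", 1), ("secret", 2)],
    )
    conn.commit()
    return conn


def count(conn):
    return conn.execute("SELECT COUNT(*) FROM display").fetchone()[0]


def names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM display ORDER BY id")]


def copy_display_unsafe(conn, name, project_id):
    # Vulnerable pattern: the caller-supplied name is spliced into the SQL text,
    # so quote characters in it change the meaning of the WHERE clause.
    sql = (
        "INSERT INTO display (name, project_id) "
        "SELECT name || '_copy', project_id FROM display "
        "WHERE name = '" + name + "' AND project_id = " + str(project_id)
    )
    before = count(conn)
    conn.execute(sql)
    conn.commit()
    return count(conn) - before


# Allow-list for display names (assumed policy: letters, digits, space, _ and -).
NAME_RE = re.compile(r"^[A-Za-z0-9_\- ]{1,64}$")


def copy_display_safe(conn, name, project_id):
    # Workaround 1: validate the parameters before they reach the database.
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid display name")
    if not isinstance(project_id, int):
        raise ValueError("invalid project id")
    # The real fix: bound parameters. Even without the regex above, a quote in
    # `name` would be compared as data, never parsed as SQL.
    before = count(conn)
    conn.execute(
        "INSERT INTO display (name, project_id) "
        "SELECT name || '_copy', project_id FROM display "
        "WHERE name = ? AND project_id = ?",
        (name, project_id),
    )
    conn.commit()
    return count(conn) - before


if __name__ == "__main__":
    conn = make_db()
    print("safe copy of 'sales' inserted", copy_display_safe(conn, "sales", 1), "row(s)")
    try:
        copy_display_safe(conn, "x' OR '1'='1", 1)
    except ValueError as exc:
        print("safe copy rejected hostile name:", exc)
```

In the unsafe version a name such as `x' OR '1'='1` copies every display in the project instead of the one that was named; the safe version rejects it at validation, and would treat it as a literal string even if validation were skipped. The same principle applies to Davinci's Java code: use the persistence layer's bound-parameter placeholders rather than string substitution when building the copy query.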

Database Permission Restriction

Limit database user permissions to read-only where possible

-- MySQL example: strip every privilege the application account holds on the Davinci
-- schema, then grant back only SELECT. Adjust the account name, host and schema to your
-- deployment. Read-only access will break any Davinci feature that writes to the database.
REVOKE ALL PRIVILEGES ON davinci_db.* FROM 'davinci_user'@'localhost';
GRANT SELECT ON davinci_db.* TO 'davinci_user'@'localhost';

🧯 If You Can't Patch

  • Disable or restrict access to the copyDisplay function
  • Implement web application firewall (WAF) with SQL injection rules

🔍 How to Verify

Check if Vulnerable:

Check Davinci version: if running v0.3.0-rc, you are vulnerable

Check Version:

Check Davinci web interface or configuration files for version information

Verify Fix Applied:

Verify Davinci version is v0.3.0 or later and test copyDisplay function with SQL injection attempts

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed copyDisplay attempts
  • SQL syntax errors in application logs

Network Indicators:

  • Unusual database connection patterns
  • SQL keywords in HTTP POST parameters

SIEM Query:

source="davinci_logs" AND ("copyDisplay" OR "SQL" OR "syntax")
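The SIEM query above will match any log line that mentions "SQL", which is noisy. As an added example (not part of the original advisory, and not tied to Davinci's real log format), the following Python script checks constructed sample log lines for the three log indicators listed above: SQL metacharacters or keywords in the parameters of a copy request, repeated failed copy requests from one source, and SQL syntax errors from the application. The access-log layout, the `/displays/<id>/copy` path and the error text are assumptions for the sample data; adapt the regular expressions to what your deployment actually emits.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (assumed layout: "client - METHOD path?query status"
# for requests, free-form text for application messages). Not real Davinci logs.
SAMPLE_LOGS = [
    "10.0.0.5 - POST /api/v3/displays/7/copy?name=sales_copy 200",
    "10.0.0.9 - POST /api/v3/displays/7/copy?name=x%27+OR+%271%27%3D%271 500",
    "10.0.0.9 - POST /api/v3/displays/7/copy?name=x%27+UNION+SELECT+1 500",
    "10.0.0.5 - GET /api/v3/displays/7 200",
    "ERROR o.a.ibatis.executor You have an error in your SQL syntax; check the manual",
    "INFO display copied id=7",
]

# Request line for a copy endpoint (assumed path shape ending in /copy).
COPY_RE = re.compile(
    r"^(?P<src>\S+) - (?P<method>\w+) (?P<path>\S*/copy)\?(?P<query>\S*) (?P<status>\d{3})$"
)
# Quote characters, comment sequences and the SQL keywords most often seen in injection.
SQLI_RE = re.compile(r"(['\";]|--|/\*|\b(union|select|insert|update|delete|drop)\b)", re.I)
# Database syntax errors surfacing in application logs.
SYNTAX_RE = re.compile(r"SQL syntax|SQLSyntaxErrorException|syntax error", re.I)


def analyse(lines, fail_threshold=2):
    """Return a list of (indicator, source, detail) findings for the given log lines."""
    findings = []
    failures = {}
    for line in lines:
        m = COPY_RE.match(line)
        if m:
            # Decode percent-encoding first; otherwise %27 hides the quote character.
            query = unquote_plus(m.group("query"))
            if SQLI_RE.search(query):
                findings.append(("sqli_pattern", m.group("src"), query))
            if m.group("status").startswith("5"):
                failures[m.group("src")] = failures.get(m.group("src"), 0) + 1
            continue
        if SYNTAX_RE.search(line):
            findings.append(("sql_syntax_error", None, line))
    # "Multiple failed copyDisplay attempts": report sources at or above the threshold.
    for src, n in failures.items():
        if n >= fail_threshold:
            findings.append(("repeated_copy_failures", src, str(n)))
    return findings


if __name__ == "__main__":
    for indicator, src, detail in analyse(SAMPLE_LOGS):
        print(f"{indicator:24} {src or '-':10} {detail}")
```

Scoping the keyword match to the parameters of copy requests, rather than to the whole log stream, is what removes most of the false positives of the one-line SIEM query; the failure counter adds the "multiple failed attempts" indicator that a keyword search cannot express.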
