CVE-2023-37472

7.7 HIGH

📋 TL;DR

This SQL injection vulnerability in Knowage allows authenticated attackers to execute arbitrary SQL queries through unsanitized user input in HQL parameters. Attackers with low-privilege accounts can extract sensitive database information including credentials and business data. Only Knowage installations before version 8.1.8 are affected.

💻 Affected Systems

Products:
  • Knowage Server
Versions: All versions before 8.1.8
Operating Systems: All platforms running Knowage
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access but low-privilege accounts are sufficient

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including credential theft, data exfiltration, and potential lateral movement to other systems

🟠 Likely Case: Extraction of sensitive business intelligence data and user credentials from the database

🟢 If Mitigated: Limited impact if proper input validation and least-privilege database accounts are implemented

🌐 Internet-Facing: HIGH if Knowage is exposed to the internet with vulnerable versions
🏢 Internal Only: MEDIUM as it requires authenticated access but internal attackers could exploit it

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but SQL injection techniques are well-documented and easy to weaponize

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.8

Vendor Advisory: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-2j3f-f696-7rgj

Restart Required: Yes

Instructions:

1. Back up your Knowage installation and database.
2. Download Knowage version 8.1.8 or later from official sources.
3. Follow the official upgrade documentation for your deployment method.
4. Restart the Knowage service.
5. Verify the fix by testing the vulnerable endpoint.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at the application layer
  • Apply network segmentation and restrict database access to minimum required privileges
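The two mitigation bullets above, as an added example that is not Knowage code: the advisory's root cause is user input spliced into an HQL query string, so the same defect and its fix are shown here against a small SQLite table constructed for the example (Knowage's real schema, HQL and query builder are not reproduced; the table contents and the `is_valid_label` character allow-list are assumptions).

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a document catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, label TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO documents (label, owner) VALUES (?, ?)",
        [("Sales Report", "alice"), ("O'Brien Report", "bob"), ("HR Salaries", "admin")],
    )
    conn.commit()
    return conn


def list_documents_unsafe(conn, label):
    # Defective pattern: the caller's string becomes part of the query text,
    # so a quote inside it changes the statement instead of staying data.
    sql = "SELECT id, label FROM documents WHERE label = '" + label + "'"
    return conn.execute(sql).fetchall()


def list_documents_safe(conn, label):
    # Fixed pattern: the driver binds the value separately from the statement;
    # quotes, comment markers and keywords inside it are matched literally.
    return conn.execute(
        "SELECT id, label FROM documents WHERE label = ?", (label,)
    ).fetchall()


ALLOWED_PUNCT = " _-'."  # assumed character set for a document label; adjust to real data


def is_valid_label(label):
    """Application-layer validation: bounded length plus an allow-list of characters."""
    return 0 < len(label) <= 100 and all(c.isalnum() or c in ALLOWED_PUNCT for c in label)


def compare(label):
    """Run both lookups on one label and return (unsafe result, safe result).

    The unsafe result is the string 'syntax error' when the concatenated
    query no longer parses, which is what a legitimate apostrophe causes.
    """
    conn = make_db()
    try:
        unsafe = list_documents_unsafe(conn, label)
    except sqlite3.OperationalError:
        unsafe = "syntax error"
    return unsafe, list_documents_safe(conn, label)


if __name__ == "__main__":
    for label in ("Sales Report", "O'Brien Report", "' OR '1'='1"):
        print(repr(label), "valid:", is_valid_label(label), "->", compare(label))
```

Binding the parameter is the fix; the validation function is the second layer the bullet asks for, and it also rejects the quote-plus-operator input while still accepting a label that legitimately contains an apostrophe.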

🔍 How to Verify

Check if Vulnerable:

Check Knowage version via admin interface or configuration files. If version is below 8.1.8, the system is vulnerable.

Check Version:

Check the knowage.version property in configuration files or use the admin web interface

Verify Fix Applied:

After upgrading to 8.1.8 or later, test the /knowage/restful-services/2.0/documents/listDocument endpoint with SQL injection payloads to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts followed by document list requests
  • Requests to /knowage/restful-services/2.0/documents/listDocument with unusual parameters

Network Indicators:

  • HTTP POST requests to vulnerable endpoint containing SQL keywords or special characters in parameters

SIEM Query:

source="web_server" AND uri="/knowage/restful-services/2.0/documents/listDocument" AND param="label" AND (value CONTAINS "'" OR value CONTAINS "--" OR value CONTAINS "UNION")
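The log and network indicators above and the SIEM query, applied to sample log lines as an added example (not from the advisory or the Knowage project): the access-log format and every sample line are constructed for this example, and the check reproduces the query's logic of matching the endpoint path and then the `label` parameter against the three indicators.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/knowage/restful-services/2.0/documents/listDocument"
# Indicators from the advisory's SIEM query, compared case-insensitively.
INDICATORS = ("'", "--", "union")

# Assumed access-log shape: client ip, quoted request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

# Constructed sample lines for the example; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 "GET /knowage/restful-services/2.0/documents/listDocument?label=SalesReport HTTP/1.1" 200',
    '10.0.0.5 "GET /knowage/restful-services/2.0/documents/listDocument?label=Sales%27%20UNION HTTP/1.1" 500',
    '10.0.0.9 "GET /knowage/restful-services/2.0/documents/listDocument?label=x%27-- HTTP/1.1" 200',
    '10.0.0.7 "GET /knowage/other?label=%27 HTTP/1.1" 200',
    '10.0.0.8 "GET /knowage/restful-services/2.0/documents/listDocument?label=O%27Brien%20Report HTTP/1.1" 200',
]


def parse_line(line):
    """Split one access-log line into ip, method, path, decoded query params and status."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "path": parts.path,
        # parse_qs percent-decodes once, so an encoded %27 is seen as a quote here.
        "params": parse_qs(parts.query, keep_blank_values=True),
        "status": int(m.group("status")),
    }


def suspicious_value(value):
    """True if the decoded parameter value carries any of the indicators."""
    v = value.lower()
    return any(ind in v for ind in INDICATORS)


def flag_requests(lines):
    """Return (ip, label value) for listDocument requests whose 'label'
    parameter contains an indicator; other endpoints and parameters are ignored."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != VULN_PATH:
            continue
        for value in rec["params"].get("label", []):
            if suspicious_value(value):
                hits.append((rec["ip"], value))
    return hits


if __name__ == "__main__":
    for ip, value in flag_requests(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

Two practical caveats the rule itself does not cover: the network indicator above describes POST requests, whose parameters sit in the body and are absent from a standard access log, so the same check has to be run over application or request-body logs for those; and the apostrophe indicator fires on legitimate labels such as the last sample line, so expect to tune it or pair hits with the response status and the requesting account.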
