Login Sign Up

CVE-2023-41364

9.8 CRITICAL
SQL Injection

📋 TL;DR

This SQL injection vulnerability in Tine Groupware allows attackers to execute arbitrary SQL commands through the sort parameter of the /index.php endpoint. All Tine installations up to version 2023.01.14.325 are affected, potentially exposing database contents and enabling further system compromise.

💻 Affected Systems

Products:
  • Tine Groupware
Versions: All versions through 2023.01.14.325
Operating Systems: All platforms running Tine
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Tine installations are vulnerable; no special configuration required for exploitation.

📦 What is this software?

Tine by Metaways

View all CVEs affecting Tine →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, and potential remote code execution on the underlying server.

🟠

Likely Case

Unauthorized data access, extraction of sensitive information, and potential authentication bypass.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via HTTP parameter manipulation is well-understood and easily automated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.01.14.326 or later

Vendor Advisory: https://www.tine-groupware.de/

Restart Required: Yes

Instructions:

1. Backup your Tine installation and database. 2. Download the latest version from the official Tine website. 3. Follow the Tine upgrade documentation to apply the update. 4. Restart the web server and Tine services.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules to block malicious requests.

Input Validation Filter

all

Implement custom input validation for the sort parameter to reject SQL keywords.

🧯 If You Can't Patch

  • Isolate the Tine server from internet access and restrict to trusted networks only.
  • Implement strict network segmentation and monitor all traffic to the Tine server for suspicious SQL patterns.

🔍 How to Verify

Check if Vulnerable:

Test the /index.php endpoint with SQL injection payloads in the sort parameter (e.g., sort=1' OR '1'='1).

Check Version:

Check the Tine version in the web interface or configuration files.

Verify Fix Applied:

After patching, retest with SQL injection payloads; successful requests should be blocked or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Requests with SQL keywords in sort parameter
  • Multiple failed login attempts following SQL injection attempts

Network Indicators:

  • HTTP requests containing SQL syntax in URL parameters
  • Unusual database query patterns from the web server

SIEM Query:

source="web_server_logs" AND ("sort=*sql*" OR "sort=*union*" OR "sort=*select*")

📊 Metadata

CVE ID: CVE-2023-41364
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: September 1, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41364, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)