CVE-2023-48118

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Quest Analytics IQCRM allows remote attackers to execute arbitrary SQL commands via crafted requests to the Common.svc WSDL page. Attackers can potentially read, modify, or delete database content, and in worst cases execute arbitrary code on the server. Organizations running vulnerable versions of IQCRM are affected.

💻 Affected Systems

Products:
  • Quest Analytics IQCRM
Versions: v.2023.9.5 and potentially earlier versions
Operating Systems: Windows (likely)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Common.svc WSDL page which appears to be a default component of IQCRM installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise including data exfiltration, data destruction, ransomware deployment, and persistent backdoor installation leading to business disruption and regulatory penalties.

🟠 Likely Case

Data theft or manipulation of CRM data, potential privilege escalation within the application, and possible lateral movement within the network.

🟢 If Mitigated

Limited to exploitation attempts that are blocked by WAFs or other security controls, with no successful compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept is publicly available on GitHub, making exploitation straightforward for attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.quest-analytics.com/

Restart Required: No

Instructions:

1. Contact Quest Analytics support for patch availability.
2. If a patch is available, download it from the vendor portal.
3. Apply the patch following vendor instructions.
4. Test application functionality post-patch.

🔧 Temporary Workarounds

WAF Rule Implementation (applies to: all)

Deploy Web Application Firewall rules to block SQL injection patterns targeting Common.svc.

Network Segmentation (applies to: all)

Restrict access to the IQCRM application to authorized internal networks only.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at the application level
  • Deploy network-level controls to restrict access to the vulnerable endpoint
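The first bullet above recommends parameterized queries and input validation. The following is an added illustration (not code from the original advisory or from Quest Analytics; IQCRM's real data layer is unknown here) that puts the vulnerable string-splicing pattern beside its parameterized form over a small in-memory SQLite table so the difference can be observed directly. The table, rows and helper names are constructed for the example.

```python
import re
import sqlite3

# Constructed sample data; the schema is hypothetical and not IQCRM's.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO contacts (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.test"), ("Bob", "bob@example.test")],
    )
    return conn

def lookup_unsafe(conn, name):
    # Vulnerable pattern: the caller's input becomes part of the SQL text,
    # so a quote in the input changes the query's structure.
    sql = f"SELECT name, email FROM contacts WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Parameterized pattern: the SQL text is fixed and the input is bound as
    # a value, so it can only ever be compared against the name column.
    sql = "SELECT name, email FROM contacts WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Allow-list validation as a second layer (length and character set).
# The accepted pattern is an assumption for this example.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")

def is_valid_name(name):
    return NAME_RE.fullmatch(name) is not None

def demo():
    conn = make_db()
    tautology = "x' OR '1'='1"          # tautology input from the advisory's OR 1=1 family
    return {
        "unsafe_rows": len(lookup_unsafe(conn, tautology)),  # structure changed: returns every row
        "safe_rows": len(lookup_safe(conn, tautology)),      # compared as a literal: no row matches
        "safe_alice": len(lookup_safe(conn, "Alice")),       # ordinary lookups still work
        "valid": is_valid_name("O'Brien"),
        "rejected": is_valid_name(tautology),
    }

if __name__ == "__main__":
    print(demo())
```

Validation rejects the tautology string, but the row counts show why parameterization is the primary control: even input that passes the allow-list (a name containing an apostrophe) cannot alter the query when bound as a parameter.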

🔍 How to Verify

Check if Vulnerable:

Test for SQL injection vulnerabilities in the Common.svc WSDL endpoint using safe testing methods, or review application logs for injection attempts.

Check Version:

Check the IQCRM application version through the administrative interface or application metadata.

Verify Fix Applied:

Verify that SQL injection attempts against Common.svc endpoint are properly rejected and no longer execute arbitrary SQL commands.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts followed by SQL syntax in requests
  • Requests to Common.svc with SQL keywords in parameters

Network Indicators:

  • Unusual outbound database connections from application server
  • SQL error messages in HTTP responses

SIEM Query:

source="iqcrm_logs" AND "Common.svc" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE" OR "DROP" OR "OR 1=1")
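For environments where the web-server access log is easier to reach than a SIEM, the following added example (not part of the original advisory, and not an IQCRM or Quest Analytics tool) applies the same indicators as the log bullets and SIEM query above to access-log lines: it scopes matching to requests for Common.svc, URL-decodes the request before matching so encoded payloads are not missed, and uses word boundaries so parameter values such as "selection" do not trigger the SELECT keyword. The log format, IP addresses and request lines are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not real IQCRM logs; the combined-log
# layout and the /IQCRM/ path prefix are assumptions for illustration).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2023:10:01:02 +0000] "GET /IQCRM/Common.svc?wsdl HTTP/1.1" 200 5120
10.0.0.7 - - [12/Nov/2023:10:01:09 +0000] "GET /IQCRM/Common.svc?id=42 HTTP/1.1" 200 318
10.0.0.9 - - [12/Nov/2023:10:02:17 +0000] "GET /IQCRM/Common.svc?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 912
10.0.0.9 - - [12/Nov/2023:10:02:21 +0000] "GET /IQCRM/Common.svc?id=1%20UNION%20SELECT%20NULL HTTP/1.1" 500 874
10.0.0.11 - - [12/Nov/2023:10:03:00 +0000] "GET /IQCRM/Reports.svc?q=SELECT HTTP/1.1" 200 200
10.0.0.11 - - [12/Nov/2023:10:03:05 +0000] "GET /IQCRM/Common.svc?mode=selection HTTP/1.1" 200 221
"""

# Fields of a combined-format access log line that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicator list mirrors the advisory's SIEM query. \b keeps "selection"
# from matching SELECT; the second pattern covers the OR 1=1 tautology.
SQLI_PATTERNS = [
    ("sql-keyword", re.compile(r"\b(SELECT|UNION|INSERT|DELETE|DROP)\b", re.IGNORECASE)),
    ("tautology", re.compile(r"\bOR\s+1\s*=\s*1\b", re.IGNORECASE)),
]

def scan_log(text):
    """Return one hit per Common.svc request whose decoded URL carries an indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that do not parse
        url = m.group("url")
        path, _, query = url.partition("?")
        if "common.svc" not in path.lower():
            continue                      # scope to the vulnerable endpoint, as the SIEM query does
        decoded = unquote_plus(query)     # match after decoding so %27%20OR%201%3D1 is seen as ' OR 1=1
        for label, pattern in SQLI_PATTERNS:
            if pattern.search(decoded):
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": m.group("status"),
                    "url": path + ("?" + decoded if query else ""),
                    "indicator": label,
                })
                break                     # one hit per request is enough
    return hits

def count_by_source(hits):
    """Aggregate hits per client address to surface the noisiest source."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["ip"], h["status"], h["indicator"], h["url"])
    print(count_by_source(found))
```

On the sample data only the two requests from 10.0.0.9 are reported; the legitimate `?wsdl` fetch, the keyword on a different endpoint, and the "selection" parameter are all left alone. A 500 status on a flagged request is worth weighting higher, since it lines up with the "SQL error messages in HTTP responses" network indicator above.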
