CVE-2024-10440

9.8 CRITICAL

📋 TL;DR

The eHDR CTMS from Sunnet contains a SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands. This enables attackers to read, modify, or delete database contents without authentication. Organizations using Sunnet's eHDR CTMS are affected.

💻 Affected Systems

Products:
  • Sunnet eHDR CTMS
Versions: Specific versions not detailed in references, but all unpatched versions appear vulnerable.
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the eHDR CTMS application itself, not dependent on specific OS configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the database including data theft, data destruction, and potential lateral movement to other systems.

🟠 Likely Case: Data exfiltration of sensitive clinical trial information and potential database corruption.

🟢 If Mitigated: Limited impact if proper network segmentation and database access controls are implemented.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with readily available tools like sqlmap.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8169-0632f-2.html

Restart Required: Yes

Instructions:

1. Contact Sunnet for the security patch.
2. Apply the patch following vendor instructions.
3. Restart the eHDR CTMS application.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate the eHDR CTMS from internet access and restrict internal network access.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection protection rules to block exploitation attempts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the eHDR CTMS interface.
  • Enable detailed database audit logging and monitor for unusual SQL query patterns.

🔍 How to Verify

Check if Vulnerable:

Test for SQL injection using safe testing methods on input parameters, or check with vendor for vulnerability assessment tools.

Check Version:

Check application version through admin interface or contact vendor for version identification methods.

Verify Fix Applied:

Re-test for SQL injection after patch application to confirm vulnerability is remediated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts or parameter manipulation in web logs

Network Indicators:

  • SQL injection payloads in HTTP requests to eHDR CTMS endpoints

SIEM Query:

source="web_logs" AND (url="*eHDR*" OR app="eHDR") AND (message="*sql*" OR message="*union*" OR message="*select*" OR message="*' OR '1'='1*")
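As an added example (not code from the page, from Sunnet, or from any SIEM product), the following Python applies the same indicator terms as the SIEM query above to web-server access logs offline. The log lines, the /eHDR/ path prefix and the IP addresses are constructed for illustration; the script scopes matching to eHDR requests first, then URL-decodes the request before pattern matching, and finally counts hits per source address so that repeated parameter manipulation from one host stands out.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format). Not real traffic;
# the eHDR paths and addresses are assumptions for the example only.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /eHDR/login.aspx?user=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "GET /eHDR/search.aspx?q=%27+OR+%271%27%3D%271 HTTP/1.1" 200 8192',
    '10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /eHDR/report.aspx?id=1+UNION+SELECT+1,2,3 HTTP/1.1" 500 0',
    '10.0.0.7 - - [01/Jan/2025:10:00:12 +0000] "GET /other/app?q=select+a+plan HTTP/1.1" 200 100',
    '10.0.0.8 - - [01/Jan/2025:10:00:15 +0000] "POST /eHDR/api/trial HTTP/1.1" 201 64',
]

# Minimal parser for the combined log format used in the constructed lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Indicator patterns mirroring the terms in the SIEM query (sql, union, select,
# the ' OR '1'='1 tautology). Matching runs on the URL-decoded request so that
# percent-encoded payloads are not missed.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "sql_keyword": re.compile(r"\b(select|sql)\b", re.I),
}


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["decoded_url"] = unquote_plus(entry["url"])
    return entry


def targets_ehdr(entry):
    """Scope to the eHDR application, as the SIEM query's url/app filter does."""
    return "ehdr" in entry["decoded_url"].lower()


def match_indicators(entry):
    """Names of every indicator pattern found in the decoded request."""
    return [name for name, rx in INDICATORS.items() if rx.search(entry["decoded_url"])]


def scan_logs(lines):
    """Return one record per eHDR request that carries at least one indicator."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not targets_ehdr(entry):
            continue
        names = match_indicators(entry)
        if names:
            hits.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "status": entry["status"],
                "url": entry["decoded_url"],
                "indicators": names,
            })
    return hits


def hits_by_source(hits):
    """Count flagged requests per source address to surface repeated probing."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = scan_logs(SAMPLE_LOGS)
    for h in flagged:
        print(f"{h['ts']} {h['ip']} HTTP {h['status']} {h['indicators']} {h['url']}")
    print("per-source counts:", hits_by_source(flagged))
```

The fourth sample line contains the bare word "select" but is not an eHDR request, so it is not reported; applying the application scope before the keyword terms is what keeps the broad "*select*" and "*sql*" terms of the SIEM query from flooding the alert queue.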
