CVE-2024-22108

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform SQL injection against GTB Central Console, enabling them to change the administrator password to a known value. This affects all systems running GTB Central Console version 15.17.1-30814.NG, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • GTB Central Console
Versions: 15.17.1-30814.NG
Operating Systems: Linux (based on file path references)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable endpoint /ccapi.php appears to be accessible by default configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover, data exfiltration, ransomware deployment, and lateral movement within the network.

🟠

Likely Case

Administrative account compromise leading to unauthorized access, configuration changes, and potential data theft.

🟢

If Mitigated

Limited impact if proper network segmentation, WAF rules, and authentication controls are in place.

🌐 Internet-Facing: HIGH - Unauthenticated exploit allows remote attackers to compromise systems exposed to the internet.
🏢 Internal Only: HIGH - Even internally, unauthenticated access makes this highly dangerous if exploited.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code and detailed analysis available in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates and apply immediately when available.

🔧 Temporary Workarounds

Block access to vulnerable endpoint (linux)

Restrict access to /ccapi.php using web server configuration or firewall rules. Note that this also blocks any legitimate use of the endpoint:

# Apache (mod_rewrite with RewriteEngine On, server or virtual-host context;
# in .htaccess the leading slash is stripped, so match ^ccapi\.php$ there)
RewriteRule ^/ccapi\.php$ - [F,L]
# Nginx
location = /ccapi.php { deny all; }

Implement WAF rules (all)

Add SQL injection detection rules for the setTermsHashAction parameter.

🧯 If You Can't Patch

  • Isolate the GTB Central Console system from internet access and restrict internal network access
  • Implement strict monitoring and alerting for authentication events and password changes

🔍 How to Verify

Check if Vulnerable:

Check if GTB Central Console version is 15.17.1-30814.NG and if /ccapi.php is accessible

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Verify version has been updated or that /ccapi.php endpoint is no longer accessible/functional

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /ccapi.php with setTermsHashAction parameter
  • Administrator password change events from unexpected sources

Network Indicators:

  • SQL injection patterns in HTTP requests to /ccapi.php
  • Unauthenticated access attempts to administrative endpoints

SIEM Query:

source="web_logs" AND uri="/ccapi.php" AND (param="setTermsHashAction" OR sql_injection_indicators)
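The log indicators above, turned into a small scanner over web-server access logs. This is an added example, not code from the page or from GTB; the log lines are constructed samples, and since standard access logs do not record POST bodies, a POST to /ccapi.php without a visible parameter is flagged at lower severity for correlation with WAF or request-body logging.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format; fields after status/bytes are ignored
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
VULN_PATH = "/ccapi.php"
VULN_PARAM = "setTermsHashAction"
# Coarse SQL-injection hints checked on the URL-decoded parameter value
SQLI_HINTS = ("'", "--", "/*", " or ", " union ")

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2024:10:01:02 +0000] "POST /ccapi.php?setTermsHashAction=1%27%20OR%201%3D1-- HTTP/1.1" 200 512
198.51.100.4 - - [10/Feb/2024:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 2048
203.0.113.7 - - [10/Feb/2024:10:01:09 +0000] "POST /ccapi.php HTTP/1.1" 200 128
192.0.2.9 - - [10/Feb/2024:10:02:00 +0000] "GET /ccapi.php?setTermsHashAction=x HTTP/1.1" 403 0
"""

def classify(line):
    """Return (ip, severity, reason) for a /ccapi.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != VULN_PATH:
        return None
    ip, method = m.group("ip"), m.group("method")
    params = parse_qs(parts.query, keep_blank_values=True)
    if VULN_PARAM in params:
        values = " ".join(params[VULN_PARAM]).lower()
        hinted = any(h in values for h in SQLI_HINTS)
        reason = f"{method} {VULN_PATH} with {VULN_PARAM}"
        return (ip, "high", reason + (" + sqli-pattern" if hinted else ""))
    if method == "POST":
        # The body is not in the access log, so the parameter may still be
        # present; correlate with WAF or request-body logs before dismissing.
        return (ip, "medium", f"POST {VULN_PATH} (body not logged)")
    return (ip, "low", f"{method} {VULN_PATH}")

def scan(log_text):
    """Run classify() over every line and collect the hits in order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

Feed real access logs to scan() and forward "high" hits as alerts; a burst of "medium" POSTs from one source to /ccapi.php is worth the same scrutiny.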

🔗 References