CVE-2024-26264

9.8 CRITICAL

📋 TL;DR

CVE-2024-26264 is an unauthenticated SQL injection vulnerability in EBM Technologies RISWEB's query function. Remote attackers can execute arbitrary SQL commands without authentication, potentially compromising the entire database. Organizations using affected EBM Technologies RISWEB versions are at risk.

💻 Affected Systems

Products:
  • EBM Technologies RISWEB
Versions: Specific versions not detailed in references, but likely multiple versions before patch.
Operating Systems: Windows (typical for RISWEB deployments)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable query function page is accessible without login in default configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, modification, deletion, and potential system takeover via command execution.

🟠 Likely Case: Data exfiltration of sensitive medical records and system information, followed by database corruption or ransomware deployment.

🟢 If Mitigated: Limited impact with proper network segmentation, WAF rules, and input validation in place.

🌐 Internet-Facing: HIGH - Vulnerability is remotely exploitable without authentication on internet-facing systems.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to network-accessible attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized, and this requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references, but vendor likely provides updates.

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-7677-b1c0f-1.html

Restart Required: Yes

Instructions:

1. Contact EBM Technologies for patch details.
2. Apply the latest security update.
3. Restart the RISWEB service.
4. Verify the fix.

🔧 Temporary Workarounds

Network Access Control (all)

  • Restrict access to RISWEB to trusted IP addresses only.
  • Use firewall rules to allow only specific IPs to port 80/443.

Web Application Firewall (all)

  • Deploy a WAF with SQL injection rules to block exploit attempts.
  • Configure the WAF to block SQL injection patterns.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in the application code.
  • Disable or restrict the vulnerable query function page if not essential.

🔍 How to Verify

Check if Vulnerable:

Test the specific query function with SQL injection payloads (e.g., ' OR '1'='1) without authentication.

Check Version:

Check RISWEB version via web interface or configuration files.

Verify Fix Applied:

Retest with SQL injection payloads after patching; ensure no database errors or unauthorized access.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in application logs
  • Unusual database queries from web server IP

Network Indicators:

  • HTTP requests with SQL keywords (SELECT, UNION, etc.) to the query function

SIEM Query:

source="web_logs" AND (url="*query_function*" AND (method="POST" OR method="GET") AND (content="*SELECT*" OR content="*UNION*" OR content="*OR '1'='1*"))
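As an added example (not from the advisory and not EBM Technologies' code), the three conditions of the SIEM query above applied in Python to constructed sample web log lines. The log format, the /risweb/query_function path and the trailing body="..." field are assumptions; the request is percent-decoded first so that encoded payloads are not missed, and a legitimate apostrophe (O'Brien) is shown not to trigger a hit.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not from a real RISWEB deployment). Combined-log
# style, with an assumed trailing body="..." field for POST bodies as a WAF or
# application-level logger might record it.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /risweb/query_function?patient=12345 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2024:10:00:09 +0000] "GET /risweb/query_function?patient=1%27+OR+%271%27%3D%271 HTTP/1.1" 200 8812',
    '203.0.113.7 - - [01/Mar/2024:10:00:15 +0000] "POST /risweb/query_function HTTP/1.1" 500 213 body="id=1+UNION+SELECT+1,2,3--"',
    '10.0.0.6 - - [01/Mar/2024:10:01:00 +0000] "GET /risweb/login HTTP/1.1" 200 300',
    '10.0.0.7 - - [01/Mar/2024:10:01:30 +0000] "GET /risweb/query_function?name=O%27Brien HTTP/1.1" 200 600',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \d+(?: body="(?P<body>.*)")?$'
)

# The three content conditions from the advisory's SIEM query, as regexes applied
# to the percent-decoded URL and body.
SQLI_PATTERNS = {
    "SELECT": re.compile(r"\bSELECT\b", re.I),
    "UNION": re.compile(r"\bUNION\b", re.I),
    "OR '1'='1": re.compile(r"\bOR\s*'1'\s*=\s*'1", re.I),
}

def detect_sqli(lines, path_marker="query_function"):
    """Return one hit per log line that targets the query function with a
    GET/POST carrying a SQL injection indicator. Each hit records the source
    IP, the HTTP status and which patterns matched."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("GET", "POST"):
            continue
        if path_marker.lower() not in m["url"].lower():
            continue
        content = unquote_plus(m["url"]) + " " + unquote_plus(m["body"] or "")
        matched = [name for name, rx in SQLI_PATTERNS.items() if rx.search(content)]
        if matched:
            hits.append({"ip": m["ip"], "status": m["status"], "patterns": matched})
    return hits

if __name__ == "__main__":
    for hit in detect_sqli(SAMPLE_LOGS):
        print(hit)
```

A 500 status on a hit is worth correlating with the "SQL syntax errors in application logs" indicator above, since a failed injection attempt often surfaces as a database error.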

🔗 References