CVE-2024-29723 – SQL injection vulnerability in SportsNET versio... (How to Fix)

Q: What is the severity of CVE-2024-29723?

CVE-2024-29723 has a CVSS score of 9.8 (CRITICAL). SQL injection vulnerability in SportsNET version 4.0.1 allows attackers to execute arbitrary SQL queries through the 'categoria' parameter. This could lead to complete database compromise including data theft, modification, or deletion. All systems running the vulnerable version are affected.

📋 TL;DR

SQL injection vulnerability in SportsNET version 4.0.1 allows attackers to execute arbitrary SQL queries through the 'categoria' parameter. This could lead to complete database compromise including data theft, modification, or deletion. All systems running the vulnerable version are affected.

💻 Affected Systems

Products:

SportsNET

Versions: 4.0.1

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific endpoint /conexiones/ax/openTracExt/ with the categoria parameter.

📦 What is this software?

Sportsnet by Sportsnet

View all CVEs affecting Sportsnet →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data destruction, credential theft, and potential lateral movement to other systems.

🟠

Likely Case

Data exfiltration of sensitive information and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting query execution.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly exploited and weaponized quickly due to available tooling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet

Restart Required: No

Instructions:

Check vendor advisory for patch availability. If unavailable, implement workarounds immediately.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns targeting the categoria parameter.

Input Validation

all

Implement strict input validation on the categoria parameter to only accept expected values.

🧯 If You Can't Patch

Isolate the vulnerable system from internet access and restrict internal network access.
Implement database-level controls to limit query execution permissions for the application account.

🔍 How to Verify

Check if Vulnerable:

Test the endpoint /conexiones/ax/openTracExt/ with SQL injection payloads in the categoria parameter.

Check Version:

Check application version in admin panel or configuration files.

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return appropriate error responses.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts from single IP
Unexpected parameter values in web logs

Network Indicators:

SQL keywords in HTTP parameters
Unusual database connection patterns
High volume of requests to vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/conexiones/ax/openTracExt/" AND (param="categoria" AND value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "INSERT" OR value CONTAINS "DELETE")

📊 Metadata

CVE ID: CVE-2024-29723

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: August 29, 2024

Last Updated: August 30, 2024

🔗 References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-29723, you might also want to check these: