CVE-2024-29875

9.8 CRITICAL

📋 TL;DR

This is a critical SQL injection vulnerability in Sentrifugo 3.2 that allows remote attackers to execute arbitrary SQL queries through the 'sort_name' parameter. Successful exploitation could lead to complete database compromise, including extraction of sensitive user data, authentication credentials, and potentially full system control. All organizations running vulnerable Sentrifugo instances are affected.

💻 Affected Systems

Products:
  • Sentrifugo
Versions: Version 3.2
Operating Systems: All platforms running Sentrifugo
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data exfiltration, authentication bypass, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized access to sensitive HR data, user credentials, and personal information stored in the database.

🟢 If Mitigated

Limited impact with strict input validation and least-privilege database permissions; injection attempts would still appear in the logs and should be investigated.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a publicly accessible endpoint with no authentication required, making exploitation trivial for attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Sentrifugo GitHub repository for latest security patches

Vendor Advisory: https://github.com/sapplica/sentrifugo

Restart Required: Yes

Instructions:

1. Backup your current Sentrifugo installation and database
2. Download the latest patched version from the official repository
3. Replace vulnerable files with patched versions
4. Restart the web server
5. Verify the fix by testing the vulnerable endpoint

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation for the sort_name parameter so that it only accepts expected values.

Modify /sentrifugo/index.php/default/reports/exportactiveuserrpt to validate the sort_name parameter before it reaches the query.
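The safest form of the validation above is an allow-list: the client may only name a sort key from a fixed set, and that key is mapped to a column identifier the application controls, so the raw parameter never appears in SQL. The following is an added example written for this advisory, not Sentrifugo's own code; the table, column names and the sort keys "name", "email" and "department" are constructed for illustration, and the same lookup can be ported into the exportactiveuserrpt controller as a fixed array.

```python
"""Allow-list validation for a user-controlled sort column (added example, not Sentrifugo code)."""
import sqlite3

# Allow-list: the only sort keys the report accepts, mapped to the real column.
# Keys are what the client may send; values are fixed identifiers we control.
# (Column names are constructed for this example.)
SORT_COLUMNS = {
    "name": "employee_name",
    "email": "email",
    "department": "department",
}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def validate_sort(sort_name, direction="asc"):
    """Return (column, direction) or raise ValueError for anything outside the allow-list."""
    if not isinstance(sort_name, str):
        raise ValueError("sort_name must be a string")
    column = SORT_COLUMNS.get(sort_name.strip().lower())
    if column is None:
        raise ValueError(f"unsupported sort key: {sort_name!r}")
    dir_sql = SORT_DIRECTIONS.get(str(direction).strip().lower())
    if dir_sql is None:
        raise ValueError(f"unsupported direction: {direction!r}")
    return column, dir_sql


def build_active_user_query(sort_name, direction="asc"):
    """Build the ORDER BY from allow-listed identifiers only; row filters stay parameterized."""
    column, dir_sql = validate_sort(sort_name, direction)
    # Identifiers cannot be bound as query parameters, which is exactly why the
    # column must come from the allow-list; the status filter is a bound parameter.
    sql = (
        "SELECT employee_name, email, department FROM employees "
        f"WHERE status = ? ORDER BY {column} {dir_sql}"
    )
    return sql, ("active",)


def export_active_users(sort_name, direction="asc"):
    """Run the report against a constructed in-memory table and return the rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (employee_name TEXT, email TEXT, department TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?, ?, ?)",
        [
            ("Carol", "carol@example.test", "HR", "active"),
            ("Alice", "alice@example.test", "IT", "active"),
            ("Bob", "bob@example.test", "Finance", "inactive"),
        ],
    )
    try:
        sql, params = build_active_user_query(sort_name, direction)
        return conn.execute(sql, params).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print(export_active_users("name"))
    for bad in ("created_at", "employee_name"):
        try:
            validate_sort(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Rejecting unknown keys with an error (rather than silently falling back to a default) matters for detection: every rejected value is an event worth logging, and the check works the same whether the parameter arrives by GET or POST.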

Web Application Firewall Rule (applies to: all)

Block SQL injection patterns targeting the vulnerable endpoint.

Add WAF rule: deny requests to */exportactiveuserrpt* containing SQL keywords in parameters.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the Sentrifugo instance from sensitive systems
  • Deploy a web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Test the endpoint /sentrifugo/index.php/default/reports/exportactiveuserrpt with SQL injection payloads in the sort_name parameter

Check Version:

Check Sentrifugo version in application configuration or about page

Verify Fix Applied:

Attempt SQL injection on the patched endpoint and verify it rejects malicious input

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests to exportactiveuserrpt with suspicious parameters
  • Error logs showing SQL syntax errors

Network Indicators:

  • HTTP POST/GET requests to vulnerable endpoint containing SQL keywords
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/sentrifugo/index.php/default/reports/exportactiveuserrpt" AND param="sort_name" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "OR")
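Where no SIEM is in front of the web server, the same logic can be run directly over access logs. The following is an added example for this advisory, not part of Sentrifugo or any vendor tooling: the four log lines are constructed in combined log format, the keyword list mirrors the SIEM query above, and keywords are matched on word boundaries so that a bare "OR" does not fire on ordinary values such as "fortune". Access logs carry only the query string, so POST bodies still need the application-side validation or a WAF.

```python
"""Scan web-server access logs for SQL keywords in the sort_name parameter
of the exportactiveuserrpt endpoint (added example; log lines are constructed)."""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/sentrifugo/index.php/default/reports/exportactiveuserrpt"

# Combined log format: client, identd, user, [time], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Word-boundary matching: "OR" must be a whole token, not part of "fortune".
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|OR|AND)\b", re.IGNORECASE)

# Constructed sample: one normal hit, one hit carrying SQL keywords that also
# produced a 500 (pairs with "SQL syntax errors" in the error log), one benign
# value that contains "or" as a substring, and one keyword on a different path.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:08:01:02 +0000] "GET /sentrifugo/index.php/default/reports/exportactiveuserrpt?sort_name=name HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/May/2024:08:01:40 +0000] "GET /sentrifugo/index.php/default/reports/exportactiveuserrpt?sort_name=name%20UNION%20SELECT HTTP/1.1" 500 312 "-" "python-requests/2.31"
203.0.113.5 - - [10/May/2024:08:02:11 +0000] "GET /sentrifugo/index.php/default/reports/exportactiveuserrpt?sort_name=fortune HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2024:08:03:00 +0000] "GET /sentrifugo/index.php/default/login?sort_name=UNION HTTP/1.1" 200 900 "-" "curl/8.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "path": parts.path,
        "query": parse_qs(parts.query, keep_blank_values=True),
        "status": int(m.group("status")),
    }


def is_suspicious(record):
    """True when the vulnerable endpoint is hit with SQL keywords in sort_name."""
    if record is None or record["path"] != ENDPOINT:
        return False
    for value in record["query"].get("sort_name", []):
        # parse_qs already decoded once; a second unquote catches double encoding.
        if SQL_KEYWORDS.search(unquote_plus(value)):
            return True
    return False


def scan_log(text):
    """Return one finding per suspicious request: source, parameter value, HTTP status."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if is_suspicious(rec):
            findings.append(
                {"ip": rec["ip"], "sort_name": rec["query"]["sort_name"], "status": rec["status"]}
            )
    return findings


def hits_by_source(findings):
    """Count findings per client address to surface repeated probing of the endpoint."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f)
    print(hits_by_source(found))
```

Run against a real log, a burst of findings from one address, or findings paired with 500 responses, is the signal the "Log Indicators" list above describes; a single keyword match on its own is a prompt to review, not proof of exploitation.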
