CVE-2024-32212

8.1 HIGH

📋 TL;DR

This SQL injection vulnerability in LOGINT LoMag Inventory Management allows attackers to execute arbitrary SQL commands through specific components (ArticleGetGroups, DocAddDocument, ClassClickShop, frmSettings). Attackers could potentially read, modify, or delete database content and, in the worst case, execute arbitrary code. Organizations using LoMag Inventory Management v1.0.20.120 or earlier are affected.

💻 Affected Systems

Products:
  • LOGINT LoMag Inventory Management
Versions: v1.0.20.120 and earlier
Operating Systems: Windows (primary deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable components exposed are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the database leading to data theft, data destruction, and potential remote code execution on the underlying server.

🟠 Likely Case

Unauthorized data access, privilege escalation, and potential data manipulation affecting inventory records and business operations.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Contact LOGINT vendor for patch availability
2. If patch exists, download from official vendor source
3. Apply patch following vendor instructions
4. Test functionality after patching

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection rules to block malicious requests

Input Validation

all

Implement server-side input validation for affected parameters

🧯 If You Can't Patch

  • Isolate the LoMag system in a separate network segment with strict access controls
  • Implement database-level protections: use least privilege accounts, enable audit logging, and restrict database permissions

🔍 How to Verify

Check if Vulnerable:

Check the application version in the admin interface or About dialog. If the version is 1.0.20.120 or earlier, the system is vulnerable.

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

After applying the vendor patch, verify that the version is newer than 1.0.20.120 and test the vulnerable endpoints with safe SQL injection test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts followed by SQL-like payloads
  • Unexpected database access patterns

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.) to vulnerable endpoints
  • Unusual traffic patterns to database ports

SIEM Query:

source="web_logs" AND (uri="*ArticleGetGroups*" OR uri="*DocAddDocument*" OR uri="*ClassClickShop*" OR uri="*frmSettings*") AND (payload="*SELECT*" OR payload="*UNION*" OR payload="*INSERT*")
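The SIEM query above compares literal, upper-case keywords, so lower-case or URL-encoded input would not match it. The following added example (not code from the vendor or from this advisory) applies the same component and keyword logic after URL-decoding and case-folding; the tab-separated log layout, the function names and the sample records are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Component names are taken from the advisory; everything else is an assumption.
COMPONENTS = ("ArticleGetGroups", "DocAddDocument", "ClassClickShop", "frmSettings")
# SQL keywords from the page's SIEM query, matched as whole words, any case.
SQL_KEYWORDS = re.compile(r"\b(select|union|insert)\b", re.IGNORECASE)

def normalise(value, rounds=2):
    """URL-decode up to `rounds` times so single- and double-encoded input is compared in clear."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag(uri, payload):
    """Return (component, keywords) when the request matches the query's logic, else None."""
    uri_n = normalise(uri).lower()
    component = next((c for c in COMPONENTS if c.lower() in uri_n), None)
    if component is None:
        return None
    hits = sorted({m.lower() for m in SQL_KEYWORDS.findall(normalise(payload))})
    return (component, hits) if hits else None

def scan(lines):
    """Parse constructed 'src_ip<TAB>uri<TAB>payload' records and return the alerts."""
    alerts = []
    for line in lines:
        src, uri, payload = line.rstrip("\n").split("\t", 2)
        result = flag(uri, payload)
        if result:
            alerts.append((src, *result))
    return alerts

# Constructed sample records (not real traffic); the log layout is hypothetical.
SAMPLE = [
    "192.0.2.10\t/ArticleGetGroups\tgroup=12",
    "192.0.2.44\t/ArticleGetGroups\tgroup=1%20UnIoN%20SeLeCt%20null",
    "192.0.2.44\t/docadddocument\tname=x%2527%2520union%2520select%25201",
    "192.0.2.77\t/Reports\tq=select+a+union+rate",
    "192.0.2.10\t/frmSettings\tnote=please+reselect+the+printer",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Whole-word matching keeps ordinary text such as "reselect" from raising an alert, and requests to components outside the advisory's list are ignored even when they contain SQL keywords.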
