CVE-2024-3704

9.8 CRITICAL

📋 TL;DR

CVE-2024-3704 is a critical SQL injection vulnerability in OpenGnsys version 1.1.1d that allows attackers to bypass authentication and potentially access the entire database. This affects all systems running the vulnerable OpenGnsys version, particularly those with internet-facing login pages.

💻 Affected Systems

Products:
  • OpenGnsys
Versions: 1.1.1d (Espeto)
Operating Systems: All platforms running OpenGnsys
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of OpenGnsys 1.1.1d. The login page is the primary attack vector.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including sensitive credentials, configuration data, and user information leading to full system takeover.

🟠

Likely Case

Authentication bypass allowing unauthorized access to the OpenGnsys management interface and potential data exfiltration.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage to non-sensitive data.

🌐 Internet-Facing: HIGH - Login page is typically internet-facing, making exploitation trivial for remote attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection on login page requires no authentication. Exploitation is straightforward for attackers with basic SQLi knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in security updates referenced in vendor advisories

Vendor Advisory: https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x

Restart Required: Yes

Instructions:

1. Back up the current OpenGnsys installation and database.
2. Apply the security patch from the OpenGnsys advisory.
3. Restart OpenGnsys services.
4. Verify the fix by testing login functionality.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Platform: all

Deploy WAF rules to block SQL injection patterns targeting the login endpoint

Network Segmentation

Platform: linux

Restrict access to OpenGnsys login page to trusted IP addresses only

iptables -A INPUT -p tcp --dport [OpenGnsys-port] -s [trusted-IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [OpenGnsys-port] -j DROP

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at application layer
  • Monitor and alert on suspicious SQL patterns in application logs
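The first workaround above, parameterized queries, is the one that actually removes the bug class rather than filtering for it. The following is an added illustration, not OpenGnsys code: it uses a throwaway in-memory SQLite table (the column names and the login logic are assumptions, not the real OpenGnsys schema) and runs the page's own test payload, ' OR '1'='1, against a string-built login query and against a parameterized one, so the difference in behaviour is visible.

```python
import sqlite3

# Constructed stand-in for the application's user table; the real OpenGnsys
# schema is not on the page, so column names here are assumptions.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """String-built query: user input is spliced into SQL syntax.
    Mirrors the defect class described for CVE-2024-3704, not its exact code."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    """Bound parameters: the driver sends input as data, never as SQL tokens."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def compare(payload="' OR '1'='1"):
    """Run the same inputs through both implementations and report the outcomes."""
    conn = make_db()
    return {
        # Genuine credentials succeed in both implementations.
        "valid_vulnerable": login_vulnerable(conn, "admin", "correct-horse-battery"),
        "valid_parameterized": login_parameterized(conn, "admin", "correct-horse-battery"),
        # The page's verification payload: bypasses the string-built query only.
        "payload_vulnerable": login_vulnerable(conn, payload, payload),
        "payload_parameterized": login_parameterized(conn, payload, payload),
    }

if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name}: {'login accepted' if outcome else 'login rejected'}")
```

The "Verify Fix Applied" step later on the page is exactly this comparison run against the live login page: after patching, the payload must land in the rejected column.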

🔍 How to Verify

Check if Vulnerable:

Check if running OpenGnsys version 1.1.1d via web interface or configuration files

Check Version:

Check OpenGnsys web interface or configuration files for version information

Verify Fix Applied:

Test login page with SQL injection payloads (e.g., ' OR '1'='1) and verify they are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in login attempts
  • Multiple failed login attempts with SQL patterns
  • Successful logins from unexpected IP addresses

Network Indicators:

  • SQL keywords in HTTP POST requests to login endpoint
  • Unusual database query patterns

SIEM Query:

source="opengnsys.log" AND ("' OR" OR "' UNION" OR "' SELECT" OR "' --" OR ";--")
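The SIEM query above is a keyword match; the log indicators above it also call for correlating repeated failures and successes from the same source. The following added example, not part of the original advisory, applies the query's patterns to constructed sample log lines (the line format is a hypothetical "timestamp ip result user=..." layout, not OpenGnsys's real log format) and raises the two correlations: one client sending several SQL-pattern login failures, and a successful login whose username field carries SQL syntax.

```python
import re
from collections import Counter

# Constructed sample lines; format and addresses are invented for the example.
SAMPLE_LOG = """\
2024-04-10T10:00:01Z 198.51.100.7 LOGIN_FAIL user=admin
2024-04-10T10:00:02Z 198.51.100.7 LOGIN_FAIL user=' OR '1'='1
2024-04-10T10:00:03Z 198.51.100.7 LOGIN_FAIL user=admin' --
2024-04-10T10:00:04Z 198.51.100.7 LOGIN_OK user=admin' OR 1=1;--
2024-04-10T10:05:00Z 192.0.2.10 LOGIN_OK user=operator
"""

# The same literal patterns the SIEM query above searches for.
SQLI_PATTERNS = re.compile(r"(' OR|' UNION|' SELECT|' --|;--)", re.IGNORECASE)

# Assumed log layout: timestamp, client IP, result, then the submitted username.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<result>LOGIN_\w+) user=(?P<user>.*)$")

def scan_log(log_text, fail_threshold=2):
    """Return flagged line numbers plus the two correlations worth alerting on."""
    flagged = []                 # lines whose username field matches a SQLi pattern
    fails_by_ip = Counter()      # SQLi-pattern failures per client address
    success_with_sqli = []       # successful logins carrying SQL syntax
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m or not SQLI_PATTERNS.search(m["user"]):
            continue
        flagged.append(lineno)
        if m["result"] == "LOGIN_FAIL":
            fails_by_ip[m["ip"]] += 1
        elif m["result"] == "LOGIN_OK":
            success_with_sqli.append((lineno, m["ip"]))
    repeated = {ip: n for ip, n in fails_by_ip.items() if n >= fail_threshold}
    return {
        "flagged": flagged,
        "repeated_fail_ips": repeated,
        "success_with_sqli": success_with_sqli,
    }

if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    print("SQLi-pattern lines:", result["flagged"])
    print("Repeated SQLi failures by IP:", result["repeated_fail_ips"])
    print("Successful logins with SQL syntax:", result["success_with_sqli"])
```

A successful login whose username field contains SQL syntax is the highest-priority signal here: on an unpatched 1.1.1d host it is consistent with the authentication bypass the advisory describes, so it warrants checking that source address against the "successful logins from unexpected IP addresses" indicator.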

🔗 References
