CVE-2024-40614

9.8 CRITICAL

📋 TL;DR

This vulnerability allows authenticated users to perform SQL injection attacks through the Address Book or InfoLog sorting functionality in EGroupware. Attackers can manipulate database queries to potentially access, modify, or delete sensitive data. All EGroupware instances running vulnerable versions are affected.

💻 Affected Systems

Products:
  • EGroupware
Versions: All versions before 23.1.20240624
Operating Systems: All platforms running EGroupware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to Address Book or InfoLog modules.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, privilege escalation, or remote code execution via database functions.

🟠

Likely Case

Unauthorized data access and extraction from the database, potentially exposing sensitive user information, contacts, or application data.

🟢

If Mitigated

Limited impact due to proper input validation, database permissions restrictions, and network segmentation limiting database access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, but the injection vector is straightforward: the user-controlled sort parameter ends up in the query's ORDER BY clause.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.1.20240624

Vendor Advisory: https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438

Restart Required: Yes

Instructions:

1. Back up your EGroupware installation and database.
2. Download version 23.1.20240624 from official sources.
3. Replace the existing files with the patched version.
4. Run any database update scripts if provided.
5. Restart web server services.

🔧 Temporary Workarounds

Disable vulnerable endpoints (platform: all)

Temporarily disable access to json.php when the menuaction parameter selects Nextmatch::ajax_get_rows:

# Add to the .htaccess in the EGroupware directory (needs mod_rewrite); note this blocks every Nextmatch list, not only Address Book and InfoLog
# Backslashes and "::" in menuaction may arrive percent-encoded (%5C, %3A%3A), so match both raw and encoded forms
RewriteEngine On
RewriteCond %{QUERY_STRING} menuaction=EGroupware(\\|%5C)Api(\\|%5C)Etemplate(\\|%5C)Widget(\\|%5C)Nextmatch(::|%3A%3A)ajax_get_rows [NC]
RewriteRule ^json\.php$ - [F,L]

Input validation at web application firewall (platform: all)

Block SQL injection patterns in the sort.id parameter:

# Example ModSecurity rule. Note: Nextmatch requests typically carry their parameters as JSON in the request body rather than in the
# query string, so ARGS only exposes sort.id if ModSecurity parses that body (e.g. the JSON request body processor) and the key path matches.
SecRule ARGS:sort.id "@detectSQLi" "id:1001,phase:2,deny,status:403,log,msg:'SQL Injection Attempt'"

🧯 If You Can't Patch

  • Implement strict input validation for all sort.id parameters in the application layer
  • Restrict database user permissions to minimum required operations and implement database activity monitoring

🔍 How to Verify

Check if Vulnerable:

Check EGroupware version in admin interface or by examining source files. If version is earlier than 23.1.20240624, system is vulnerable.

Check Version:

Check EGroupware admin panel or examine header.php file for version information

Verify Fix Applied:

Verify that the version is 23.1.20240624 or later, and test that the sort.id parameter of the json.php endpoint is properly validated (a non-identifier value must be rejected rather than reflected into the query).

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed sort parameter attempts
  • Suspicious patterns in json.php access logs with sort.id parameter

Network Indicators:

  • HTTP requests to json.php with unusual sort.id parameter values
  • SQL error messages in HTTP responses

SIEM Query:

source="web_logs" AND uri="*/json.php" AND query="*sort.id*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*" OR query="*DELETE*")
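As an added example (not part of this advisory or of EGroupware's code), the following Python applies the SIEM query's idea to constructed access-log lines and adds an identifier allowlist, which also catches values the keyword list misses. It assumes Apache combined-format lines and that sort.id appears in the query string.

```python
"""Flag suspicious sort.id values in EGroupware json.php access-log lines (added example)."""
import re
from urllib.parse import urlsplit, parse_qs

# A legitimate sort column is a plain identifier (e.g. n_family); anything else is suspect.
SAFE_SORT_ID = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*$")
# Keywords from the SIEM query above, kept as a secondary signal.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b", re.IGNORECASE)
# Apache combined log format (assumed); access logs omit POST bodies, so if sort.id is
# posted as JSON, run the same check on application-level logs instead.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def classify(line):
    """Return None for lines without sort.id on json.php, else a finding dict."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["path"])
    params = parse_qs(url.query)
    if not url.path.endswith("/json.php") or "sort.id" not in params:
        return None
    value = params["sort.id"][0]
    reasons = []
    if not SAFE_SORT_ID.match(value):
        reasons.append("non-identifier sort.id")
    if SQL_KEYWORDS.search(value):
        reasons.append("sql keyword")
    return {"ip": m["ip"], "sort_id": value, "status": int(m["status"]),
            "suspicious": bool(reasons), "reasons": reasons}


def scan(lines):
    """Return only the suspicious findings, in log order."""
    return [f for f in map(classify, lines) if f and f["suspicious"]]


# Constructed sample lines (not real traffic). The third has a stray quote that the
# keyword-only SIEM query would miss; the allowlist still flags it.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Jun/2024:10:01:02 +0000] "GET /egroupware/json.php?menuaction=EGroupware%5CApi%5CEtemplate%5CWidget%5CNextmatch::ajax_get_rows&sort.id=n_family HTTP/1.1" 200 512',
    '10.0.0.9 - - [24/Jun/2024:10:01:09 +0000] "GET /egroupware/json.php?menuaction=EGroupware%5CApi%5CEtemplate%5CWidget%5CNextmatch::ajax_get_rows&sort.id=n_family%20UNION%20SELECT HTTP/1.1" 200 734',
    '10.0.0.9 - - [24/Jun/2024:10:01:15 +0000] "GET /egroupware/json.php?menuaction=EGroupware%5CApi%5CEtemplate%5CWidget%5CNextmatch::ajax_get_rows&sort.id=n_family%27 HTTP/1.1" 500 311',
    '10.0.0.7 - - [24/Jun/2024:10:02:00 +0000] "GET /egroupware/index.php?sort.id=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 500 response on a flagged line is worth correlating with the "SQL error messages in HTTP responses" indicator above.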

🔗 References
