CVE-2024-42564
📋 TL;DR
This CVE describes a SQL injection vulnerability in an ERP system's inventory deletion function. Attackers can manipulate the 'id' parameter to execute arbitrary SQL commands, potentially compromising database integrity and confidentiality. Organizations using the vulnerable ERP commit are affected.
💻 Affected Systems
- Erp (Jerryhanjj) at the vulnerable commit 44bd04
📦 What is this software?
Erp by Jerryhanjj
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data theft, modification, deletion, or full system takeover via SQL injection leading to remote code execution.
Likely Case
Unauthorized data access, modification, or deletion of inventory records, potentially leading to business disruption and data integrity issues.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permissions restricting damage to specific tables.
🎯 Exploit Status
SQL injection via URL parameter is straightforward to exploit; public proof-of-concept exists in the GitHub gist reference.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Review the vulnerable commit 44bd04.
2. Implement parameterized queries or prepared statements for the delete function.
3. Validate and sanitize the 'id' parameter input.
4. Test the fix thoroughly before deployment.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rule
Block SQL injection patterns in the id parameter at the specified endpoint
WAF-specific configuration to block patterns like UNION, SELECT, INSERT, DELETE, DROP, OR, AND in /index.php/basedata/inventory/delete
Input Validation Filter
Implement server-side validation to restrict the id parameter to the expected values (a positive integer)
Add validation in PHP: if(!is_numeric($_GET['id'])) { die('Invalid input'); } (note that is_numeric() also accepts floats and exponent notation such as 1e3, so a strict integer check is preferable where the id is always an integer)
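The following is an added example written for this page, not code from the Jerryhanjj ERP project: it places the vulnerable pattern the CVE describes (request value concatenated into the SQL text) beside a hardened delete handler that applies the two fixes listed above, strict integer validation and a prepared statement. The table name `inventory`, the PDO connection and the in-memory SQLite data are assumptions made for the demonstration.

```php
<?php
// Added example (not the ERP project's code). Table name, connection and
// sample rows are constructed for illustration.

// Vulnerable pattern (the class of bug the CVE describes): the raw request
// value becomes part of the SQL text, so a value such as  1' OR '1'='1
// changes the meaning of the WHERE clause.
function deleteInventoryVulnerable(PDO $db, string $rawId): int
{
    $sql = "DELETE FROM inventory WHERE id = '" . $rawId . "'";
    return $db->exec($sql);   // returns the number of rows deleted
}

// Step 3 of the fix: accept only a positive integer. FILTER_VALIDATE_INT is
// stricter than is_numeric(): it rejects floats, exponent notation ("1e3"),
// hex and any trailing characters.
function parseInventoryId(string $rawId): ?int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2 of the fix: bind the validated value through a prepared statement,
// so the database never parses user input as SQL.
function deleteInventoryHardened(PDO $db, string $rawId): int
{
    $id = parseInventoryId($rawId);
    if ($id === null) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM inventory WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Self-contained demonstration against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE inventory (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO inventory (id, name) VALUES (1, 'bolt'), (2, 'nut'), (3, 'washer')");

// The test value from the "How to Verify" section, sent to both handlers.
$payload = "1' OR '1'='1";

try {
    deleteInventoryHardened($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "hardened handler rejected input: {$e->getMessage()}\n";
}
echo 'rows remaining after hardened handler: '
    . $db->query('SELECT COUNT(*) FROM inventory')->fetchColumn() . "\n";   // 3

echo 'hardened handler with id=2 deleted '
    . deleteInventoryHardened($db, '2') . " row(s)\n";                       // 1

$deleted = deleteInventoryVulnerable($db, $payload);
echo "vulnerable handler deleted {$deleted} row(s)\n";   // 2: every remaining row
```

Running the script shows the difference directly: the hardened handler refuses the crafted value before any query is built and deletes exactly one row for a legitimate id, while the vulnerable handler's WHERE clause becomes always-true and removes every row in the table. The same two-step structure (validate, then bind) applies to any other handler in the application that builds SQL from request parameters.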
🧯 If You Can't Patch
- Restrict network access to the ERP system to trusted IPs only
- Implement database user with minimal permissions (read-only where possible)
🔍 How to Verify
Check if Vulnerable:
Test the endpoint with SQL injection payloads like: /index.php/basedata/inventory/delete?action=delete&id=1' OR '1'='1
Check Version:
Check git commit history or version file for commit 44bd04
Verify Fix Applied:
Attempt SQL injection tests and verify they are blocked or produce expected error handling
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple delete requests with suspicious id parameters
- Requests containing SQL keywords in id parameter
Network Indicators:
- HTTP requests to /index.php/basedata/inventory/delete with SQL injection patterns in parameters
SIEM Query:
source="web_logs" AND uri="/index.php/basedata/inventory/delete" AND (query_string="*UNION*" OR query_string="*SELECT*" OR query_string="*OR*1=1*")
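As an added example (not part of the original advisory), the PHP below turns the log and SIEM indicators above into an offline check over constructed access-log lines: it parses each request, keeps only those to the vulnerable endpoint, and reports the ones whose id parameter is not a plain integer and contains one of the SQL patterns named in the WAF rule and SIEM query. The combined log format and the sample lines are constructed for the demonstration.

```php
<?php
// Added example (not the ERP project's code): flag access-log lines that hit
// the vulnerable endpoint with SQL-injection patterns in the id parameter.

const TARGET_PATH = '/index.php/basedata/inventory/delete';

// Patterns taken from the WAF rule and SIEM query above, matched
// case-insensitively against the URL-decoded id value.
const SQLI_PATTERNS = [
    '/\bunion\b/i',
    '/\bselect\b/i',
    '/\binsert\b/i',
    '/\bdelete\b/i',
    '/\bdrop\b/i',
    '/\bor\b.*=/i',        // e.g. the  ' OR '1'='1  form in the SIEM query
    "/['\"]/",             // quote characters never belong in a numeric id
    "/--|#|\\/\\*/",       // SQL comment sequences
];

// Parse one combined-format line into its path and URL-decoded parameters.
function parseRequest(string $line): ?array
{
    if (!preg_match('/"(?:GET|POST) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    $url = parse_url($m[1]);
    $params = [];
    if (isset($url['query'])) {
        parse_str($url['query'], $params);   // parse_str() URL-decodes the values
    }
    return ['path' => $url['path'] ?? '', 'params' => $params];
}

// Return the lines worth alerting on; a well-formed integer id is never reported.
function findSqliAttempts(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        $req = parseRequest($line);
        if ($req === null || $req['path'] !== TARGET_PATH) {
            continue;
        }
        $id = $req['params']['id'] ?? '';
        if (is_array($id)) {
            $id = implode(',', $id);   // id[]=... is itself unexpected; inspect it
        }
        if (ctype_digit((string) $id)) {
            continue;   // the only value this endpoint should ever receive
        }
        foreach (SQLI_PATTERNS as $pattern) {
            if (preg_match($pattern, (string) $id)) {
                $hits[] = $line;
                break;
            }
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic).
$sample = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php/basedata/inventory/delete?action=delete&id=17 HTTP/1.1" 200 51',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php/basedata/inventory/delete?action=delete&id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 214',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php/basedata/inventory/list?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 998',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php/basedata/inventory/delete?action=delete&id=1%20UNION%20SELECT%201 HTTP/1.1" 500 214',
];

foreach (findSqliAttempts($sample) as $hit) {
    echo "ALERT: $hit\n";   // the second and fourth sample lines are reported
}
```

Two design points carry over to a real SIEM rule: match on the decoded parameter value rather than the raw query string, since the payload in the second line arrives percent-encoded and a plain substring search for "OR" would miss it, and anchor the rule on the endpoint path as the SIEM query above does, which is why the third line (same payload, different path) is not reported here. Widening the path filter to the whole application is a reasonable choice if the other handlers build SQL the same way.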