CVE-2024-42565

9.8 CRITICAL

📋 TL;DR

This CVE describes a critical SQL injection vulnerability in an ERP system's contact deletion function. Attackers can execute arbitrary SQL commands by manipulating the 'id' parameter, potentially compromising the entire database. Any organization using the vulnerable ERP commit is affected.

💻 Affected Systems

Products:
  • ERP system with commit 44bd04
Versions: Specific commit 44bd04
Operating Systems: Any OS running the vulnerable ERP code
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the specific commit mentioned; other versions may also be affected but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution on the database server.

🟠 Likely Case

Database information disclosure, data manipulation, and potential privilege escalation within the ERP system.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database user privilege restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via GET parameter is straightforward to exploit; authentication required to access the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Identify whether your deployment is running commit 44bd04
2. Check for updated commits from the ERP project
3. Replace string concatenation with parameterized queries (prepared statements) in the vulnerable endpoint
4. Implement proper input validation for the id parameter (accept only an integer before it reaches the query)
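Steps 3 and 4 side by side, as an added Python/sqlite3 example that is not the ERP's own code: the contact table, its columns and the seed rows are constructed assumptions, and the delete functions stand in for the endpoint's query. The vulnerable variant splices the id into the SQL text, the parameterized variant binds it, and the hardened variant validates it first so a bad value never reaches the database. The payload used is the same tautology pattern the page's SIEM query already looks for.

```python
import re
import sqlite3

# Constructed sample data; the table shape is an assumption, not the ERP's real schema.
SEED_ROWS = [(1, "Alice"), (2, "Bob"), (3, "Carol")]


def fresh_db() -> sqlite3.Connection:
    """In-memory database seeded with three contacts (constructed test data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO contact VALUES (?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def delete_contact_vulnerable(conn: sqlite3.Connection, raw_id: str) -> int:
    """The anti-pattern: the request parameter is spliced into the SQL text."""
    sql = f"DELETE FROM contact WHERE id = {raw_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows actually deleted


def delete_contact_parameterized(conn: sqlite3.Connection, raw_id) -> int:
    """Step 3: bind the value; it can never change the statement's structure."""
    cur = conn.execute("DELETE FROM contact WHERE id = ?", (raw_id,))
    conn.commit()
    return cur.rowcount


def validate_id(raw_id) -> int:
    """Step 4: accept only a plain positive integer before touching the database."""
    if not isinstance(raw_id, str) or not re.fullmatch(r"[1-9][0-9]*", raw_id):
        raise ValueError("id must be a positive integer")
    return int(raw_id)


def delete_contact_hardened(conn: sqlite3.Connection, raw_id) -> int:
    """Validation plus binding: the defence in depth the fix instructions call for."""
    return delete_contact_parameterized(conn, validate_id(raw_id))


def remaining(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM contact").fetchone()[0]


def demo() -> dict:
    payload = "1 OR 1=1"  # tautology pattern from the page's SIEM query
    results = {}
    conn = fresh_db()
    # concatenation: the OR clause rewrites the WHERE and every row goes
    results["vulnerable_deleted"] = delete_contact_vulnerable(conn, payload)
    conn = fresh_db()
    # binding: the whole string is compared to the integer id column, matches nothing
    results["parameterized_deleted"] = delete_contact_parameterized(conn, payload)
    conn = fresh_db()
    try:
        delete_contact_hardened(conn, payload)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True  # rejected before any query runs
    # a legitimate request still works
    results["hardened_legit_deleted"] = delete_contact_hardened(conn, "2")
    results["rows_left"] = remaining(conn)
    return results


if __name__ == "__main__":
    print(demo())
```

Running the block prints a summary with `vulnerable_deleted` equal to 3 (the whole table), `parameterized_deleted` equal to 0, and `hardened_rejected` True. Binding alone already stops the injection; the validation step additionally gives a clean 400-style rejection and a log line instead of a silent no-op, which is what the detection section below relies on.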

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add server-side validation to only accept numeric values for the id parameter; this is a stop-gap that blocks injection strings (which always contain non-numeric characters) until the query itself is parameterized.

PHP example:
  if (!isset($_GET['id']) || !is_numeric($_GET['id'])) { http_response_code(400); die('Invalid input'); }  // reject a missing or non-numeric id before it reaches the query

WAF Rule

Applies to: all

Implement web application firewall rules to block SQL injection patterns in the id parameter

ModSecurity rule: SecRule ARGS:id "@detectSQLi" "id:1001,phase:2,deny,status:403,log,msg:'SQLi pattern in id parameter'"

🧯 If You Can't Patch

  • Restrict access to the vulnerable endpoint using network ACLs or authentication requirements
  • Implement database user privilege restrictions to limit potential damage from SQL injection

🔍 How to Verify

Check if Vulnerable:

Test the endpoint /index.php/basedata/contact/delete?action=delete with SQL injection payloads in the id parameter

Check Version:

Check git commit history for commit 44bd04: git log --oneline | grep 44bd04

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return appropriate error messages

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple delete requests with unusual id parameters
  • Database queries with UNION, SELECT, or other SQL keywords from the application

Network Indicators:

  • HTTP requests to the vulnerable endpoint with SQL injection patterns in parameters
  • Unusual database traffic patterns from the application server

SIEM Query:

source="web_logs" AND uri="/index.php/basedata/contact/delete" AND (query="*UNION*" OR query="*SELECT*" OR query="*OR 1=1*")
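The SIEM query above matches wildcard strings against the raw request, so a percent-encoded variant such as `id=17%20OR%201%3D1` would not match `*OR 1=1*`. The following added Python example (not from the page or the ERP project) parses constructed access-log lines, URL-decodes the id parameter first, scopes to the vulnerable URI as the query does, and flags any id that is not a plain integer or that matches the same keywords; the log lines, addresses and timestamps are all constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

VULNERABLE_PATH = "/index.php/basedata/contact/delete"

# The keywords from the page's SIEM query plus a lone single quote, applied to the
# URL-decoded id value rather than to the raw request line.
SQLI_PATTERN = re.compile(r"\bUNION\b|\bSELECT\b|\bOR\s+1\s*=\s*1\b|'", re.IGNORECASE)

# Constructed sample access-log lines in combined log format; not from any real system.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2024:13:55:36 +0000] "GET /index.php/basedata/contact/delete?action=delete&id=17 HTTP/1.1" 200 512
10.0.0.5 - - [10/Oct/2024:13:55:41 +0000] "GET /index.php/basedata/contact/delete?action=delete&id=17%20OR%201%3D1 HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2024:13:56:02 +0000] "GET /index.php/basedata/contact/delete?action=delete&id=3+UNION+SELECT+1 HTTP/1.1" 500 233
10.0.0.9 - - [10/Oct/2024:13:56:10 +0000] "GET /index.php/basedata/contact/list?q=UNION%20station HTTP/1.1" 200 1024
10.0.0.9 - - [10/Oct/2024:13:56:15 +0000] "GET /index.php/basedata/contact/delete?action=delete&id=1%27 HTTP/1.1" 500 233
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Split one log line into ip, path, decoded id parameter and status (None if unparseable)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)  # percent- and plus-decodes values
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "id": params.get("id", [""])[0],
        "status": int(m.group("status")),
    }


def find_suspicious(log_text: str) -> list:
    """Flag requests to the vulnerable URI whose id is not a plain integer or matches SQLi keywords."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != VULNERABLE_PATH:
            continue  # scope to the vulnerable endpoint, as the page's SIEM query does
        reasons = []
        if not re.fullmatch(r"[0-9]+", rec["id"]):
            reasons.append("non-numeric id")
        if SQLI_PATTERN.search(rec["id"]):
            reasons.append("sqli pattern")
        if reasons:
            hits.append({**rec, "reasons": reasons})
    return hits


def hits_per_source(hits: list) -> Counter:
    """Count flagged delete requests per client, the 'multiple requests with unusual id' indicator."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for h in flagged:
        print(h)
    print(hits_per_source(flagged))
```

On the sample data the clean request and the request to a different path are ignored, and three requests are flagged: the encoded tautology, the UNION/SELECT value and the lone quote. The non-numeric check is the higher-signal rule for this endpoint, since a legitimate delete only ever carries an integer id; the keyword match is kept for parity with the SIEM query and for tagging the hit.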
