CVE-2024-44546 – PowerJob versions 3.20 and above contain a SQL ... (How to Fix)

Q: What is the severity of CVE-2024-44546?

CVE-2024-44546 has a CVSS score of 9.8 (CRITICAL). PowerJob versions 3.20 and above contain a SQL injection vulnerability in the version parameter that allows attackers to execute arbitrary SQL commands on the database. This affects all deployments using vulnerable versions of PowerJob, potentially exposing sensitive data and system control.

📋 TL;DR

PowerJob versions 3.20 and above contain a SQL injection vulnerability in the version parameter that allows attackers to execute arbitrary SQL commands on the database. This affects all deployments using vulnerable versions of PowerJob, potentially exposing sensitive data and system control.

💻 Affected Systems

Products:

PowerJob

Versions: >= 3.20

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments using PowerJob 3.20 or newer are vulnerable unless specifically patched.

📦 What is this software?

Powerjob by Powerjob

View all CVEs affecting Powerjob →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, privilege escalation, and potential remote code execution through database functions.

🟠

Likely Case

Unauthorized data access and extraction of sensitive information from the PowerJob database, including credentials, job configurations, and execution logs.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection via version parameter is straightforward to exploit with publicly available proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest PowerJob release for fix

Vendor Advisory: https://github.com/PowerJob/PowerJob

Restart Required: Yes

Instructions:

1. Update PowerJob to latest patched version. 2. Restart PowerJob services. 3. Verify version update.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation for version parameter to allow only alphanumeric characters

Implement parameterized queries or input sanitization in code

Database Permission Restriction

all

Limit database user permissions to read-only for PowerJob application

ALTER USER powerjob_user WITH NOSUPERUSER NOCREATEDB NOCREATEROLE;

🧯 If You Can't Patch

Implement WAF rules to block SQL injection patterns in version parameter
Isolate PowerJob instances behind network segmentation with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check PowerJob version - if >= 3.20 and not patched, system is vulnerable

Check Version:

Check PowerJob application logs or configuration for version information

Verify Fix Applied:

Verify PowerJob version is updated beyond vulnerable range and test version parameter with SQL injection attempts

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts via PowerJob
Unexpected database operations

Network Indicators:

SQL injection patterns in HTTP requests to PowerJob endpoints
Unusual database connection patterns

SIEM Query:

source="powerjob" AND ("version=" AND ("' OR", "--", "UNION", "SELECT"))

📊 Metadata

CVE ID: CVE-2024-44546

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: November 11, 2024

Last Updated: June 27, 2025

🔗 References

https://gist.github.com/jwx0539/5151f53ec497474cab6af4fa8ee6b6f7 Third Party Advisory
https://github.com/PowerJob/PowerJob Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-44546, you might also want to check these: