CVE-2024-57587

9.1 CRITICAL

📋 TL;DR

Multiple SQL injection vulnerabilities in EasyVirt DCScope and CO2Scope allow remote unauthenticated attackers to execute arbitrary SQL commands via login parameters. This affects all users running vulnerable versions of these products, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • EasyVirt DCScope
  • EasyVirt CO2Scope
Versions: DCScope <= 8.6.0, CO2Scope <= 1.3.0
Operating Systems: Any OS running these applications
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configurations are vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full database compromise leading to data theft, privilege escalation, and complete system takeover via arbitrary SQL execution
🟠 Likely Case: Authentication bypass, data exfiltration, and potential remote code execution through database functions
🟢 If Mitigated: Limited impact with proper input validation and database permissions in place

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation via login endpoint
🏢 Internal Only: HIGH - Same vulnerability exists regardless of network exposure

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and uses standard SQL injection techniques

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: DCScope > 8.6.0, CO2Scope > 1.3.0

Vendor Advisory: https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-57587.md

Restart Required: No

Instructions:

1. Check current version.
2. Update to latest version from vendor.
3. Verify patch applied.
4. Test login functionality.

🔧 Temporary Workarounds

Web Application Firewall

all

Deploy WAF with SQL injection rules to block malicious requests

Network Segmentation

all

Restrict access to vulnerable endpoints to trusted networks only

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries
  • Disable or restrict access to /api/auth/login endpoint

🔍 How to Verify

Check if Vulnerable:

Test login endpoint with SQL injection payloads in username/password fields

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Attempt SQL injection after patch and verify it's blocked

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in logs
  • Unusual login attempts with special characters
  • Multiple failed login attempts from single IP

Network Indicators:

  • POST requests to /api/auth/login with SQL keywords
  • Unusual database connections from application server

SIEM Query:

source="application.logs" AND ("SQL" OR "syntax" OR "injection") AND uri="/api/auth/login"
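
The log and network indicators above, combined into one detector over login events. This is an added example, not code from the advisory or the vendor; the JSON-lines log format, its field names, the failure threshold and the sample events are constructed assumptions.

```python
import json
import re
from collections import Counter

LOGIN_URI = "/api/auth/login"   # endpoint named in the advisory
FAILED_THRESHOLD = 3            # assumed value, tune per environment
# Quote/comment characters and SQL keywords that do not belong in a login field
SQLI_RE = re.compile(r"['\";]|--|/\*|\b(?:union|select|sleep|benchmark)\b", re.I)
# Database error text surfacing in the application log
DB_ERROR_RE = re.compile(r"sql syntax|syntax error|unterminated quoted string", re.I)

def scan(lines):
    """Return (alerts, noisy_ips) for JSON-lines login events."""
    alerts, failures = [], Counter()
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip unparseable lines instead of aborting the scan
        if not isinstance(ev, dict):
            continue
        if ev.get("method") != "POST" or ev.get("uri") != LOGIN_URI:
            continue
        ip = ev.get("src_ip", "?")
        # Only the username is inspected: passwords should never reach the logs
        if SQLI_RE.search(str(ev.get("username", ""))):
            alerts.append((ip, "sql-chars-in-login-field"))
        if DB_ERROR_RE.search(str(ev.get("message", ""))):
            alerts.append((ip, "sql-error-on-login"))
        if ev.get("status") in (401, 403):
            failures[ip] += 1
    noisy = sorted(ip for ip, n in failures.items() if n >= FAILED_THRESHOLD)
    return alerts, noisy

def _ev(ip, status, user, msg="", uri=LOGIN_URI):
    """Build one constructed log line (hypothetical schema)."""
    return json.dumps({"src_ip": ip, "method": "POST", "uri": uri,
                       "status": status, "username": user, "message": msg})

SAMPLE = [  # constructed events, documentation-range IP addresses
    _ev("198.51.100.7", 200, "alice"),
    _ev("203.0.113.9", 500, "x' OR '1'='1", "error in your SQL syntax"),
    _ev("203.0.113.9", 401, "admin'--"),
    _ev("192.0.2.44", 401, "bob"), _ev("192.0.2.44", 401, "bob"),
    _ev("192.0.2.44", 401, "bob"),
    _ev("198.51.100.7", 200, "carol'", uri="/api/other"),  # other endpoint: ignored
    "not json",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A quote character alone triggers an alert here, so expect false positives if legitimate usernames may contain apostrophes.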
