CVE-2024-57775 – This SQL injection vulnerability in JFinalOA al... (How to Fix)

Q: What is the severity of CVE-2024-57775?

CVE-2024-57775 has a CVSS score of 8.8 (HIGH). This SQL injection vulnerability in JFinalOA allows attackers to execute arbitrary SQL commands through the getWorkFlowHis?insid component. It affects all users running JFinalOA versions before 2025.01.01, potentially leading to data theft, modification, or deletion.

📋 TL;DR

This SQL injection vulnerability in JFinalOA allows attackers to execute arbitrary SQL commands through the getWorkFlowHis?insid component. It affects all users running JFinalOA versions before 2025.01.01, potentially leading to data theft, modification, or deletion.

💻 Affected Systems

Products:

JFinalOA

Versions: All versions before 2025.01.01

Operating Systems: All platforms running JFinalOA

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default installation when using the workflow history component.

📦 What is this software?

Jfinaloa by Jfinaloa Project

View all CVEs affecting Jfinaloa →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data exfiltration, data destruction, and potential privilege escalation to execute operating system commands.

🟠

Likely Case

Unauthorized access to sensitive workflow history data, potential extraction of user credentials or business data, and database manipulation.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries in place, potentially only error messages or minimal data exposure.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires access to the vulnerable endpoint, but SQL injection techniques are well-documented and tools like sqlmap can automate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.01.01

Vendor Advisory: https://gitee.com/r1bbit/JFinalOA/issues/IBHURT

Restart Required: No

Instructions:

1. Upgrade JFinalOA to version 2025.01.01 or later. 2. Verify the update by checking the version number. 3. Test the getWorkFlowHis endpoint with SQL injection test payloads.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation for the insid parameter to only accept expected data formats.

Web Application Firewall Rules

all

Deploy WAF rules to block SQL injection patterns targeting the getWorkFlowHis endpoint.

🧯 If You Can't Patch

Network segmentation to isolate JFinalOA from sensitive databases
Implement strict access controls and authentication for the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Test the getWorkFlowHis endpoint with SQL injection payloads like ' OR '1'='1 in the insid parameter.

Check Version:

Check JFinalOA version in application configuration or admin interface.

Verify Fix Applied:

After patching, retest with SQL injection payloads and verify no database errors or unexpected behavior occurs.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Error messages containing SQL syntax
Multiple requests to getWorkFlowHis with unusual parameters

Network Indicators:

HTTP requests to getWorkFlowHis with SQL keywords in parameters
Unusual database connection patterns from application server

SIEM Query:

source="web_logs" AND uri="/getWorkFlowHis" AND (param="insid" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|exec|or|and)")

📊 Metadata

CVE ID: CVE-2024-57775

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.16% exploit probability (37.2th percentile)

Published: January 16, 2025

Last Updated: January 31, 2025

🔗 References

https://gitee.com/r1bbit/JFinalOA/issues/IBHURT Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57775, you might also want to check these: