CVE-2025-29390
📋 TL;DR
CVE-2025-29390 is a SQL injection vulnerability in jerryhanjj ERP 1.0's set_password function that allows attackers to execute arbitrary SQL commands. This affects all users running the vulnerable ERP software version. Successful exploitation could lead to unauthorized data access or system compromise.
💻 Affected Systems
- jerryhanjj ERP
📦 What is this software?
Erp by Jerryhanjj
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including credential theft, data exfiltration, privilege escalation to admin, and potential remote code execution via database functions.
Likely Case
Unauthorized access to sensitive business data, user credential theft, and potential data manipulation affecting ERP operations.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or failed queries.
🎯 Exploit Status
Proof of concept available in GitHub references. Exploitation requires access to password reset functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Review the GitHub issue #7 for community fixes.
2. Manually patch the vulnerable set_password function with proper input validation and parameterized queries.
3. Test the fix thoroughly before deployment.
🔧 Temporary Workarounds
Input Validation Workaround
Add input validation to reject suspicious characters in password reset requests
# Add to application/controllers/home.php before the set_password function.
# Note: FILTER_SANITIZE_STRING is deprecated since PHP 8.1; the allowlist regex
# below is the check that actually rejects quotes and other SQL metacharacters.
$password = filter_var($password, FILTER_SANITIZE_STRING);
if (!preg_match('/^[a-zA-Z0-9@#$%^&+=]{8,}$/', $password)) { die('Invalid password'); }
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns
# Example ModSecurity rule:
SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
🧯 If You Can't Patch
- Isolate the ERP system behind a firewall with strict network segmentation
- Implement database-level controls: use least privilege accounts, enable query logging, and restrict database functions
🔍 How to Verify
Check if Vulnerable:
Test the password reset functionality with SQL injection payloads like ' OR '1'='1 in password fields and observe database errors or unexpected behavior.
Check Version:
Check the ERP version in the software interface or review the application files for version indicators.
Verify Fix Applied:
Attempt the same SQL injection tests after patching; successful fixes should reject malicious input without database errors.
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries from web application logs
- Multiple failed password reset attempts with special characters
- Database error messages containing SQL syntax
Network Indicators:
- HTTP POST requests to password reset endpoints with SQL keywords
- Unusual database traffic patterns from web server
SIEM Query:
source="web_logs" AND (url="*/set_password*" OR url="*/home.php*") AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "' OR '")
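The SIEM query above, expressed as a stand-alone check over constructed log lines (an added example, not part of the advisory). It assumes a tab-separated METHOD/URL/BODY log format, and unlike a plain CONTAINS match it URL-decodes and case-folds the body first, so percent-encoded or lowercase payloads are not missed.

```python
from urllib.parse import unquote_plus

# Endpoints and SQL markers taken from the advisory's SIEM query.
TARGET_PATHS = ("/set_password", "/home.php")
SQLI_MARKERS = ("UNION", "SELECT", "' OR '")


def is_suspicious(url: str, body: str) -> bool:
    """True when a request targets a password-reset path and its body carries
    one of the SQL markers. The body is URL-decoded and upper-cased first so
    that percent-encoded (%27+OR+%27) or lowercase payloads are caught."""
    if not any(path in url for path in TARGET_PATHS):
        return False
    decoded = unquote_plus(body).upper()
    return any(marker in decoded for marker in SQLI_MARKERS)


def scan_log(lines):
    """Return the URLs of POST requests that look like SQLi attempts.
    Assumed (constructed) log format: METHOD<TAB>URL<TAB>REQUEST_BODY."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # malformed line, skip it
        method, url, body = parts
        if method == "POST" and is_suspicious(url, body):
            hits.append(url)
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "POST\t/index.php/home/set_password\tpassword=Str0ngPass%21&confirm=Str0ngPass%21",
    "POST\t/index.php/home/set_password\tpassword=%27+OR+%271%27%3D%271",  # ' OR '1'='1
    "POST\t/home.php\tpassword=x%27+union+select+1--",
    "GET\t/index.php/home/set_password\t",
    "POST\t/index.php/home/dashboard\tq=select+1",
    "POST\t/home.php\tpassword=Correct%20Horse%20Battery",
]

if __name__ == "__main__":
    for url in scan_log(SAMPLE_LOG):
        print("possible SQLi against", url)
```

Keyword matching on a password field also fires on legitimate values such as "Selected2024!", so treat a hit as a trigger to review the full request rather than as confirmation.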