CVE-2025-50341
📋 TL;DR
A Boolean-based SQL injection vulnerability in Axelor 5.2.4 allows attackers to manipulate SQL queries via the _domain parameter. This enables data extraction, authentication bypass, or potential remote code execution. Organizations running vulnerable Axelor instances are affected.
💻 Affected Systems
- Axelor
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, authentication bypass, privilege escalation, and potential remote code execution on the database server.
Likely Case
Data extraction from the database including sensitive business information, user credentials, and configuration data.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
Boolean-based SQL injection typically requires more requests than traditional SQLi but is still highly exploitable with automated tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: http://axelor.com
Restart Required: No
Instructions:
1. Monitor Axelor security advisories for patch availability.
2. Apply patch when released.
3. Test in development environment before production deployment.
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation for the _domain parameter to reject suspicious characters
Implement application-level filtering for SQL special characters in _domain parameter
Web Application Firewall Rules
Deploy WAF rules to block SQL injection patterns in requests
Configure WAF to detect and block SQL injection patterns in URL parameters
🧯 If You Can't Patch
- Implement parameterized queries or prepared statements for all database interactions
- Restrict database user permissions to minimum required access
🔍 How to Verify
Check if Vulnerable:
Test the _domain parameter with SQL injection payloads like: _domain=1' AND '1'='1
Check Version:
Check Axelor version in application interface or configuration files
Verify Fix Applied:
Verify that SQL injection payloads no longer affect application behavior or database responses
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple requests with SQL-like patterns in _domain parameter
- Requests with boolean logic patterns (AND, OR, NOT) in parameters
Network Indicators:
- HTTP requests containing SQL keywords in _domain parameter
- Abnormal request patterns to vulnerable endpoints
SIEM Query:
source="web_logs" AND (url="*_domain=*" AND (url="*AND*" OR url="*OR*" OR url="*'*" OR url="*--*"))
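The log indicators and SIEM query above, worked as an added example (not part of the original advisory or of Axelor): a Python scan that inspects only the decoded `_domain` value, so percent-encoded quotes are caught and substrings such as `ORDER` in other parameters are not. The log lines, the `/example/search` path and the per-client threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines; addresses, path and values are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2025:10:00:01 +0000] "GET /example/search?_domain=1%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512
198.51.100.7 - - [10/Jul/2025:10:00:02 +0000] "GET /example/search?_domain=1%27%20AND%20%271%27%3D%272 HTTP/1.1" 200 48
198.51.100.7 - - [10/Jul/2025:10:00:03 +0000] "GET /example/search?_domain=1%2527+OR+1%253D1--+ HTTP/1.1" 200 512
203.0.113.20 - - [10/Jul/2025:10:00:04 +0000] "GET /example/search?_domain=android_orders&sort=ORDER HTTP/1.1" 200 300
203.0.113.20 - - [10/Jul/2025:10:00:05 +0000] "GET /example/search?q=AND HTTP/1.1" 200 300
"""

REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Quote, SQL comment marker, or a whole-word boolean/SQL keyword.
SUSPICIOUS = re.compile(r"'|--|\b(?:AND|OR|NOT|UNION|SELECT)\b", re.I)

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so that %2527 is seen as a quote."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text, threshold=2):
    """Return (hits, repeat_clients) for suspicious _domain values."""
    hits, per_client = [], Counter()
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        client, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for raw in params.get("_domain", []):  # only this parameter is inspected
            value = decode_fully(raw)
            if SUSPICIOUS.search(value):
                hits.append((client, value))
                per_client[client] += 1
    repeat = sorted(c for c, n in per_client.items() if n >= threshold)
    return hits, repeat

if __name__ == "__main__":
    hits, repeat = scan(SAMPLE_LOG)
    for client, value in hits:
        print(f"{client} suspicious _domain={value!r}")
    print("clients with repeated hits:", repeat)
```

The repeat-client list reflects the point made under Exploit Status: boolean-based injection needs many requests, so a burst of flagged `_domain` values from one source is a stronger signal than a single match.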