Platform
other
Component
case-erp
Fixed in
V2.0.1
CVE-2024-11739 describes a critical SQL Injection vulnerability in Case ERP versions prior to V2.0.1 (the release that contains the fix). The flaw lets an attacker inject SQL into database queries built by the application, potentially reading or modifying data without authorization. Depending on the privileges of the database account the application uses, successful exploitation could extend to compromise of the database server itself. Upgrade to version V2.0.1 or later.
The SQL Injection vulnerability in Case ERP allows an attacker to alter the structure of the database queries the application executes. This can be used to bypass authentication checks (for example by commenting out the password comparison in a login query) and to read data the attacker is not authorized to see, such as user credentials, financial records, or other confidential information held in the database. Depending on the database engine and on the permissions of the account the application connects with, an attacker might also be able to modify or delete data, read files, or execute commands on the host, leading to full system takeover and data exfiltration. The potential impact is significant given the sensitive nature of the data typically managed by ERP systems.
CVE-2024-11739 was published on 2025-06-27. Its CRITICAL CVSS score (9.8) reflects the severity and ease of the attack (network-reachable, no privileges or user interaction required), not the likelihood that it will be exploited; the EPSS estimate below (0.06%, 19th percentile) currently indicates a low observed probability of exploitation. Public proof-of-concept exploits are not known at the time of writing, but SQL injection in an internet-facing ERP is attractive to attackers and the picture can change quickly once a proof of concept appears. Monitor security advisories and threat intelligence feeds for any indication of active exploitation.
Exploit Status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-11739 is to upgrade Case ERP to version V2.0.1 or later, which contains the fix. Parameterized (prepared) queries are the code-level fix for SQL injection, so they apply only if you maintain the affected code; input validation is a useful secondary control but is not a substitute. If upgrading is not immediately feasible, reduce exposure in the meantime: restrict network access to the ERP to trusted users and networks, front it with a Web Application Firewall configured with SQL injection rules (a mitigation that reduces risk rather than removing it, since WAF rules can be bypassed), and make sure the database account the application uses has only the privileges it needs. Least privilege on that account limits what a successful injection can reach: read-only where possible, no DDL, and no access to file or command-execution features of the database engine.
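The two points above (the authentication bypass and credential extraction described in the impact section, and parameterized queries as the fix) are easiest to see side by side. The following is an added example written for this page, not Case ERP code; the page does not describe which Case ERP query is affected, so the example uses a constructed `users` table in an in-memory SQLite database, with plaintext passwords only so that the extraction payload has something visible to return. The payload strings are constructed for the demonstration as well.

```python
import sqlite3

# Constructed sample data standing in for an ERP user table. The table
# layout, column names and rows are assumptions for this demo only.
SAMPLE_USERS = [
    ("admin", "s3cret-admin", "administrator"),
    ("clerk", "clerk-pass", "accounting"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with the sample user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def find_user_vulnerable(conn, username, password):
    """Vulnerable pattern: user input is spliced into the SQL text, so quotes,
    comment markers and UNION clauses in the input become part of the query."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username, password):
    """Fixed pattern: the SQL text is constant and the values are bound as
    parameters, so the driver never interprets them as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed payloads of the kind the advisory warns about.
# '--' starts an SQL comment, discarding the rest of the query (the password check).
AUTH_BYPASS_USERNAME = "admin' --"
# Closes the string, appends a UNION that selects two columns so the column
# count matches, and comments out the remainder: dumps every credential.
UNION_EXTRACT_USERNAME = "' UNION ALL SELECT username, password FROM users --"


def demo():
    """Run both payloads against the vulnerable and the parameterized query."""
    conn = make_db()
    return {
        # Vulnerable: logs in as admin with a wrong password.
        "vuln_bypass": find_user_vulnerable(conn, AUTH_BYPASS_USERNAME, "wrong"),
        # Vulnerable: returns (username, password) for every user.
        "vuln_extract": sorted(
            find_user_vulnerable(conn, UNION_EXTRACT_USERNAME, "wrong")
        ),
        # Fixed: the payload is just a username that does not exist.
        "fixed_bypass": find_user_parameterized(conn, AUTH_BYPASS_USERNAME, "wrong"),
        # Fixed: a legitimate login still works.
        "fixed_legit": find_user_parameterized(conn, "admin", "s3cret-admin"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable function returns the admin row for a wrong password and, with the UNION payload, every username and password in the table; the parameterized version returns nothing for either payload while still matching a genuine login. A least-privilege database account would additionally limit what the UNION payload can read, but it does not fix the injection itself.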
Update Case ERP to version V2.0.1 or later. This release fixes the SQL injection vulnerability. See the Case ERP changelog for details of the update.
CVE-2024-11739 is a critical SQL Injection vulnerability in Case ERP versions prior to V2.0.1, allowing an attacker to manipulate database queries and potentially bypass authentication and read or modify data without authorization.
If you are running a Case ERP version earlier than V2.0.1, you are affected and should upgrade immediately.
Upgrade Case ERP to version V2.0.1 or later. Until then, restrict network access to the application, deploy WAF rules for SQL injection, and run the application with a least-privilege database account; if you maintain the code, parameterized queries are the proper fix.
No public exploits are known at the time of writing and the EPSS estimate is low, but the severity of the vulnerability makes it a high-priority target for attackers. Continuous monitoring is advised.
Refer to the Case ERP official website or security advisory channels for the latest information and updates regarding CVE-2024-11739.