Plateforme
other
Composant
cigesv2
Corrigé dans
2.0.1
A critical SQL injection vulnerability (CVE-2024-2722) has been identified in CIGESv2. This flaw allows a remote attacker to potentially extract sensitive data directly from the database. The vulnerability affects versions of CIGESv2 up to and including the version prior to 2.0.1. A patch is available in version 2.0.1.
The SQL injection vulnerability resides within the /ajaxConfigTotem.php file of CIGESv2, specifically within the 'id' parameter. Successful exploitation allows an attacker to craft malicious SQL queries that bypass security measures and directly access the underlying database. This could lead to the complete exfiltration of all data stored within the database, including user credentials, configuration information, and potentially other sensitive business data. The impact is severe, as a successful attack could compromise the confidentiality and integrity of the entire system. There is no immediate precedent for similar exploitation patterns in publicly disclosed incidents, but the potential for widespread data compromise is significant.
CVE-2024-2722 was publicly disclosed on March 22, 2024. The vulnerability is not currently listed on the CISA KEV catalog, and its EPSS score is pending evaluation. There are currently no publicly available proof-of-concept exploits, but the ease of exploitation inherent in SQL injection vulnerabilities suggests that it is likely to become a target for automated scanning and exploitation tools. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing CIGESv2, particularly those with publicly accessible instances or those lacking robust input validation practices, are at significant risk. Shared hosting environments where multiple users share the same CIGESv2 instance are especially vulnerable, as a compromise of one user's account could potentially lead to the compromise of the entire system.
• linux / server: Monitor database logs for unusual SQL queries targeting /ajaxConfigTotem.php. Use journalctl -f to observe real-time log activity.
journalctl -f | grep "/ajaxConfigTotem.php" | grep -i "select"• generic web: Use curl to test the /ajaxConfigTotem.php endpoint with various payloads. Examine the response for signs of SQL injection (e.g., database errors, unexpected data).
curl 'http://your-cigesv2-server/ajaxConfigTotem.php?id=1' 2>&1 | grep -i "error"• database (mysql): If you have access to the MySQL database, run queries to check for unauthorized data access or modification.
SELECT * FROM users WHERE username LIKE '%attacker%';disclosure
patch
Statut de l'Exploit
EPSS
0.13% (percentile 32%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2024-2722 is to immediately upgrade CIGESv2 to version 2.0.1 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. While not a complete solution, input validation and sanitization on the 'id' parameter within /ajaxConfigTotem.php can help reduce the attack surface. Web application firewalls (WAFs) configured to detect and block SQL injection attempts targeting this specific endpoint can also provide an additional layer of protection. Monitor database logs for suspicious SQL queries that might indicate an ongoing attack. After upgrade, confirm by attempting a query through /ajaxConfigTotem.php and verifying that it does not result in a database error or data leakage.
Actualizar a una versión parcheada de CIGESv2 que solucione la vulnerabilidad de inyección SQL. Si no hay una versión parcheada disponible, contacte al proveedor para obtener una solución o considere deshabilitar la funcionalidad afectada (/ajaxConfigTotem.php) hasta que se pueda aplicar una solución.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2024-2722 is a critical SQL injection vulnerability in CIGESv2 that allows attackers to potentially extract all database data via the /ajaxConfigTotem.php endpoint.
You are affected if you are using CIGESv2 versions less than or equal to the version prior to 2.0.1.
Upgrade CIGESv2 to version 2.0.1 or later. Implement temporary workarounds like input validation if immediate upgrade is not possible.
While no public exploits are currently available, the vulnerability's nature makes it a likely target for exploitation. Continuous monitoring is recommended.
Refer to the CIGESv2 official website or security advisory channels for the latest information and updates regarding CVE-2024-2722.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.