Platform
php
Component
admidio
Fixed in
4.3.10
CVE-2024-37906 describes a critical SQL injection vulnerability in Admidio, a user management system for organizations. An attacker can manipulate the ecard_recipients POST parameter to inject SQL and potentially compromise the application's database. Versions of Admidio prior to 4.3.9 are affected, and a patch is available.
The flaw allows an authenticated user to inject SQL through the ecard_recipients parameter. Because the injected statement runs with the privileges of the application's database account, exploitation can expose sensitive data stored in the Admidio database, including user credentials, organization details and other confidential information, and can let an attacker modify, delete or exfiltrate data. The vulnerability description mentions blind, time-based and out-of-band SQL injection techniques, which means data can be extracted even when the application returns no query results or error messages: boolean or timing differences in the response, or callbacks initiated by the database server, serve as the feedback channel and bypass defenses that only look for visible output.
CVE-2024-37906 was publicly disclosed on July 29, 2024. The low skill required (a single crafted request from an authenticated account) combined with Admidio's popularity makes exploitation plausible; the EPSS value listed below (0.92%, 76th percentile) reflects a modest but non-negligible probability of exploitation in the wild. No public proof-of-concept (PoC) code had been released at the time of writing, but the vulnerability description provides enough detail for an attacker to develop an exploit. Monitor security advisories and threat intelligence feeds for any indication of active exploitation.
Organizations and groups that use Admidio for membership management and run a version earlier than 4.3.9 are at significant risk. Deployments where many members log in to the same Admidio instance are especially exposed: the flaw is reachable by any authenticated account, so a single compromised or malicious low-privilege member account is enough to attack the shared database and, from there, every organization hosted on that instance.
• php: Examine web server and Admidio application logs for requests to the e-card module whose ecard_recipients parameter contains unusual characters or SQL keywords. Note that a default Apache access log records only the request line, not the POST body, so the injected value is only visible in a source that logs request bodies (for example a ModSecurity audit log or application-level request logging). On such a log the following pattern (extended regex, case-insensitive) flags the obvious keywords:
grep -iE 'ecard_recipients.*(select|insert|update|delete|union|sleep)' /var/log/apache2/access.log
• generic web: Use curl to send a non-destructive probe to the /adm_program/modules/ecards/ecard_send.php endpoint and compare the response with a request carrying a plain value. The flaw is only reachable by an authenticated user, so supply a valid session cookie (here read from a cookie file saved from a logged-in session). A lone single quote in the parameter is enough to provoke a database error or a change in behaviour on an unpatched instance; never use destructive statements such as DROP TABLE against a system you do not own.
curl -b cookies.txt -X POST --data-urlencode "ecard_recipients=1'" http://your-admidio-site/adm_program/modules/ecards/ecard_send.php
Disclosure
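Scanning a request-body log for suspicious ecard_recipients values, as an added Python example that is not part of this page or of the Admidio project. It assumes a hypothetical log format in which the URL-encoded POST body follows a "body=" token, as a request-body-logging proxy or WAF audit log might provide; the four log lines are constructed for the example, and the indicator groups map to the blind, time-based and out-of-band techniques mentioned above.

```python
"""Flag suspicious ecard_recipients values in request-body log lines.

Added example, not Admidio project code. Assumes a hypothetical log format
where the URL-encoded POST body follows a "body=" token on each line.
"""
import re
from urllib.parse import parse_qs

# Indicator groups, named after the injection technique they usually signal.
INDICATORS = {
    "quote_or_comment": re.compile("['\"]|--|#|/\\*"),
    "stacked_query": re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "time_based": re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I),
    "out_of_band": re.compile(
        r"\b(load_file|into\s+(outfile|dumpfile)|xp_cmdshell|utl_http)\b", re.I),
}

# Constructed sample lines (not real traffic): a benign e-card send, a
# time-based probe, a UNION-based extraction attempt, and an unrelated GET.
SAMPLE_LOG = """\
203.0.113.10 - user1 [29/Jul/2024:10:01:02 +0000] "POST /adm_program/modules/ecards/ecard_send.php HTTP/1.1" 200 body=ecard_recipients%5B%5D=12&ecard_message=hello
203.0.113.11 - user2 [29/Jul/2024:10:02:15 +0000] "POST /adm_program/modules/ecards/ecard_send.php HTTP/1.1" 500 body=ecard_recipients%5B%5D=12%27+AND+SLEEP%285%29--+-&ecard_message=hi
203.0.113.12 - user3 [29/Jul/2024:10:03:40 +0000] "POST /adm_program/modules/ecards/ecard_send.php HTTP/1.1" 200 body=ecard_recipients%5B%5D=1%29+UNION+SELECT+name%2Cpassword+FROM+users--+-
203.0.113.13 - user4 [29/Jul/2024:10:04:01 +0000] "GET /adm_program/modules/profile/profile.php HTTP/1.1" 200 body=
"""


def extract_recipients(line):
    """Return the URL-decoded ecard_recipients values found in one log line.

    Handles both the scalar form (ecard_recipients=...) and the PHP array
    form (ecard_recipients[]=...); returns [] when the line has no body.
    """
    match = re.search(r"body=(\S*)", line)
    if not match:
        return []
    params = parse_qs(match.group(1), keep_blank_values=True)
    values = []
    for key, vals in params.items():
        if key == "ecard_recipients" or key.startswith("ecard_recipients["):
            values.extend(vals)
    return values


def classify(value):
    """Return the sorted names of every indicator group that matches value."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(value))


def scan_log(text):
    """Return (line_number, value, indicators) for each suspicious value."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for value in extract_recipients(line):
            hits = classify(value)
            if hits:
                findings.append((number, value, hits))
    return findings


if __name__ == "__main__":
    for number, value, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {hits} <- {value!r}")
```

A plain numeric recipient produces no hits, so this scan can run across a day of traffic without drowning the analyst; a hit in the time_based or out_of_band group deserves priority, because those are the techniques an attacker falls back on when the response shows nothing.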
Exploit Status
EPSS
0.92% (76th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2024-37906 is to upgrade Admidio to version 4.3.9 or later without delay. If that is not immediately feasible, add a Web Application Firewall (WAF) rule that rejects ecard_recipients values containing quotes, comment sequences or SQL keywords as an interim measure, bearing in mind that blind and out-of-band payloads can be obfuscated and a keyword filter is bypassable. Server-side validation of the parameter (accepting only the identifier format the module expects) reduces the attack surface but is not a substitute for patching. Monitor Admidio logs for unusual database queries or error messages that might indicate an attempted exploit.
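The unsafe pattern behind this class of bug beside its parameterized replacement, as an added Python example run against an in-memory SQLite database. It is not Admidio's code and does not reproduce the actual vulnerable statement or schema: the members table, its column names and the expectation that a recipient value is a numeric id are assumptions made for the example.

```python
"""Vulnerable string-built query versus a bound-parameter query.

Added example, not Admidio code; the schema and the numeric-id expectation
for the recipient value are assumptions for this illustration.
"""
import sqlite3


def make_db():
    """Create an in-memory database with a small, constructed members table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE members (usr_id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO members VALUES (1, 'alice', 'alice@example.org');
        INSERT INTO members VALUES (2, 'bob',   'bob@example.org');
        INSERT INTO members VALUES (3, 'carol', 'carol@example.org');
    """)
    return conn


def lookup_recipient_unsafe(conn, recipient):
    """Vulnerable: the request value is spliced into the SQL text, so a
    value such as ' OR '1'='1 rewrites the WHERE clause."""
    sql = "SELECT email FROM members WHERE usr_id = '" + recipient + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_recipient_safe(conn, recipient):
    """Hardened: the value travels as a bound parameter and is never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT email FROM members WHERE usr_id = ?"
    return [row[0] for row in conn.execute(sql, (recipient,))]


def validate_recipient(recipient):
    """Defense in depth: reject anything that is not the expected numeric id
    before it reaches the database (assumed format for this example)."""
    if not recipient.isdigit():
        raise ValueError("ecard_recipients must be a numeric id")
    return int(recipient)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe, plain id  :", lookup_recipient_unsafe(db, "2"))
    print("unsafe, injected  :", lookup_recipient_unsafe(db, payload))
    print("safe, injected    :", lookup_recipient_safe(db, payload))
    print("safe, validated id:", lookup_recipient_safe(db, validate_recipient("2")))
```

The injected value makes the string-built query return every row, while the same value handed to the bound-parameter query matches nothing; the validator in front of it is what a WAF rule or input-validation layer approximates from the outside, and the parameterized statement is the actual fix.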
Upgrade Admidio to version 4.3.9 or later. This version contains a fix for the SQL injection vulnerability. The update can be performed through the Admidio administration panel or by downloading the latest version of the software and replacing the existing files.
CVE-2024-37906 is a critical SQL Injection vulnerability in Admidio versions before 4.3.9, allowing attackers to potentially compromise the database by manipulating the ecard_recipients parameter.
You are affected if you run any Admidio version earlier than 4.3.9. Check your version immediately and upgrade if necessary.
Upgrade Admidio to version 4.3.9 or later. Consider implementing a WAF rule to filter malicious input as an interim measure.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation. Monitor security advisories.
Refer to the official Admidio website and security advisories for the latest information and updates regarding CVE-2024-37906.