SQL injection vulnerability in Sentrifugo

This SQL injection vulnerability allows a remote attacker to inject arbitrary SQL code into the sort_name parameter of the /sentrifugo/index.php/default/reports/exportactiveuserrpt endpoint. Successful exploitation could enable the attacker to bypass security measures and directly query the underlying database. The attacker could extract sensitive data, including user credentials, configuration details, and potentially even system files, depending on the database permissions. This represents a significant data breach risk and could lead to further compromise of the system. The potential impact is substantial, as the attacker gains direct access to the database, bypassing standard application security layers.

Organizations utilizing Sentrifugo 3.2 for reporting and analytics are at significant risk. Specifically, deployments with sensitive user data or those lacking robust input validation practices are particularly vulnerable. Shared hosting environments where multiple users share the same Sentrifugo instance are also at increased risk, as a compromise of one user's account could potentially lead to the compromise of the entire system.

• php: Examine access logs for requests to /sentrifugo/index.php/default/reports/exportactiveuserrpt containing unusual characters or SQL keywords in the sort_name parameter.

 grep -i "(select|union|insert|delete|drop)" /var/log/apache2/access.log | grep /sentrifugo/index.php/default/reports/exportactiveuserrpt

• generic web: Use curl to test the endpoint with a simple SQL injection payload (e.g., curl 'http://your-sentrifugo-instance/sentrifugo/index.php/default/reports/exportactiveuserrpt?sort_name=1') and observe the response for errors or unexpected data. • generic web: Check the Sentrifugo installation directory for any unusual files or modifications that might indicate an attacker has gained access.

1. 2024-03-21Disclosure

   disclosure

2. 2024-03-21Patch

   patch

1. 已保留2024-03-21
2. 发布日期2024-03-21
3. 修改日期2024-08-02
4. EPSS 更新日期2026-04-02

The primary mitigation for CVE-2024-29875 is to immediately upgrade Sentrifugo to version 3.2.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as input validation and sanitization on the sort_name parameter. Web application firewalls (WAFs) configured to detect and block SQL injection attempts can also provide a layer of defense. Monitor access logs for suspicious SQL queries targeting the /sentrifugo/index.php/default/reports/exportactiveuserrpt endpoint. After upgrading, confirm the vulnerability is resolved by attempting a test query with a known malicious payload and verifying that it is properly sanitized.