CVE-2024-13979 (CNNVD-202508-3161)
Chinese title:
ShengQiao Technology St. Joe ERP System security vulnerability
English title:
St. Joe ERP System SingleRowQueryConverter SQL Injection
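Vulnerability description
Chinese description:
ShengQiao Technology St. Joe ERP System is an enterprise management software product from the Chinese company ShengQiao Technology. ShengQiao Technology St. Joe ERP System contains a security vulnerability that stems from insufficient input sanitization and may lead to SQL injection attacks.
English description: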
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Hangzhou Shengqiao Technology Co. Ltd. | St. Joe ERP System ("圣乔ERP系统") | * | - | - | cpe:2.3:a:hangzhou_shengqiao_technology_co._ltd.:st._joe_erp_system_("圣乔erp系统"):*:*:*:*:*:*:*:* |
| st._joe_erp_system_project | st._joe_erp_system | - | - | - | cpe:2.3:a:st._joe_erp_system_project:st._joe_erp_system:-:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary solution:
CVSS score details
4.0 (cna)
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2024-13979 | 2025-11-11 15:22:22 | 2025-11-11 07:39:01 |
| NVD | nvd_CVE-2024-13979 | 2025-11-11 15:00:21 | 2025-11-11 07:47:03 |
| CNNVD | cnnvd_CNNVD-202508-3161 | 2025-11-11 15:12:55 | 2025-11-11 08:00:07 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202508-3161
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']