{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T12:24:38.463","vulnerabilities":[{"cve":{"id":"CVE-2024-13979","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-27T22:15:33.070","lastModified":"2025-09-09T18:44:14.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability exists in the St. Joe ERP system (\"圣乔ERP系统\") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL existe en el sistema ERP St. Joe ('??ERP??') que permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios a través de solicitudes HTTP POST manipuladas al endpoint de inicio de sesión. La aplicación no logra sanear adecuadamente la entrada proporcionada por el usuario antes de incorporarla en las consultas SQL, lo que permite la manipulación directa de la base de datos backend. La explotación exitosa puede resultar en acceso no autorizado a datos, modificación de registros o interrupción limitada del servicio. Un rango de versiones afectadas no está definido. La evidencia de explotación fue observada por primera vez por la Shadowserver Foundation el 14 de abril de 2025 UTC."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:st._joe_erp_system_project:st._joe_erp_system:-:*:*:*:*:*:*:*","matchCriteriaId":"6A4A15F2-4A13-4CBB-9A8D-9433C1756BB6"}]}]}],"references":[{"url":"https://blog.csdn.net/qq_41904294/article/details/144240396","source":"disclosure@vulncheck.com","tags":["Exploit"]},{"url":"https://en.fofa.info/result?qbase64=5Zyj5LmURVJQ57O757uf","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://github.com/adysec/POC/blob/main/wpoc/%E5%9C%A3%E4%B9%94ERP/%E5%9C%A3%E4%B9%94ERP%E7%B3%BB%E7%BB%9FSingleRowQueryConvertor%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md","source":"disclosure@vulncheck.com","tags":["Exploit"]},{"url":"https://www.vulncheck.com/advisories/st-joes-erp-system-sqli","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://blog.csdn.net/qq_41904294/article/details/144240396","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]},{"url":"https://github.com/adysec/POC/blob/main/wpoc/%E5%9C%A3%E4%B9%94ERP/%E5%9C%A3%E4%B9%94ERP%E7%B3%BB%E7%BB%9FSingleRowQueryConvertor%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]},{"url":"https://www.vulncheck.com/advisories/st-joes-erp-system-sqli","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}}]}