CVE-2024-42913 in RuoYiinfo

Summary

by MITRE • 08/26/2024

RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/15/2025

The vulnerability identified as CVE-2024-42913 affects RuoYi CMS version 4.7.9 and represents a critical SQL injection flaw that could enable unauthorized access to sensitive database information. This vulnerability specifically manifests through the job_id parameter within the /sasfs1 endpoint, creating a pathway for malicious actors to execute arbitrary SQL commands against the underlying database system. The flaw stems from inadequate input validation and sanitization practices within the application's parameter handling mechanism, allowing attackers to inject malicious SQL code that bypasses normal security controls.

The technical exploitation of this vulnerability occurs when the application fails to properly escape or validate user-supplied input from the job_id parameter before incorporating it into database queries. This creates a direct vector for attackers to manipulate database operations through crafted payloads that can extract, modify, or delete data from the system. The vulnerability falls under CWE-89 which specifically addresses SQL injection flaws, and aligns with ATT&CK technique T1190 for exploit via injection, particularly targeting database systems through web application interfaces. The impact is significant as SQL injection vulnerabilities often provide attackers with complete database access, potentially exposing sensitive user information, system credentials, and business-critical data.

Operationally, this vulnerability poses severe risks to organizations using RuoYi CMS v4.7.9 as it allows for unauthorized data access and potential system compromise. Attackers could leverage this flaw to extract confidential information including user accounts, personal data, and system configurations. The vulnerability's location within the /sasfs1 endpoint suggests it may be related to scheduled job management functionality, potentially allowing attackers to escalate privileges or gain deeper system access. The attack surface is particularly concerning as it affects a content management system that likely handles sensitive business data and user information, making the impact extend beyond simple data theft to potential operational disruption and compliance violations.

Mitigation strategies for CVE-2024-42913 should prioritize immediate patching of the affected RuoYi CMS version to the latest available release that addresses this specific vulnerability. Organizations should implement proper input validation and parameterized queries throughout their applications to prevent similar issues from occurring in other components. Network-level protections including web application firewalls and intrusion detection systems should be configured to monitor for suspicious SQL injection patterns targeting the affected endpoint. Additionally, regular security assessments and penetration testing should be conducted to identify and remediate other potential injection vulnerabilities within the application ecosystem. Security teams should also implement database access controls and monitoring to detect unauthorized database queries that may indicate exploitation attempts. The vulnerability highlights the critical importance of maintaining up-to-date software versions and implementing robust input validation practices as recommended by industry standards including OWASP Top Ten and NIST cybersecurity guidelines.

Responsible

MITRE

Reservation

08/05/2024

Disclosure

08/26/2024

Moderation

accepted

CPE

ready

EPSS

0.00354

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!