CVE-2024-45875
Description
The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated SQL injection vulnerability in baltic-it TOPqw Webportal allows attackers with a valid session to manipulate SQL queries via the username parameter in the create user function.
Root Cause
CVE-2024-45875 is an authenticated SQL injection vulnerability in baltic-it TOPqw Webportal version 1.35.287.1. The flaw resides in the SaveNewUser method of the /Apps/TOPqw/BenutzerManagement.aspx page, specifically in how the JSON object username parameter is handled. The application fails to properly sanitize user input before incorporating it into SQL queries, allowing an authenticated attacker to inject arbitrary SQL commands [1].
Exploitation
Prerequisites
Exploitation requires a valid authenticated session in the webportal's login-protected area, which is used by social service providers to manage facilities, statistics, and documents [1]. The attacker only needs to send a crafted JSON payload to the vulnerable endpoint, making the attack straightforward once authenticated.
Impact
An attacker successfully exploiting this vulnerability could manipulate SQL queries to read, modify, or delete sensitive data stored in the database. Given that the webportal stores personal information of citizens and confidential documents related to social matters, the potential impact includes unauthorized access to personal data and disruption of services [1]. The CVSS v3 base score of 5.4 reflects medium severity.
Mitigation
bit baltic information technologies GmbH has released version 1.35.291 which fixes this vulnerability. Users are strongly advised to update immediately. The vulnerability was discovered during penetration tests and disclosed following responsible disclosure principles [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <1.35.291
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.