Cyber Resilience

CVE-2024-13979

Severity: Critical · Public PoC referenced

Published: 27 August 2025
Modified: 09 September 2025
KEV Added: not listed
CVSS v4.0 score: 9.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0901 (92.8th percentile)
Risk priority: 24 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-13979 is a critical-severity SQL Injection (CWE-89) vulnerability in the St. Joe ERP System (vendor: St. Joe ERP System Project). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A SQL injection vulnerability exists in the St. Joe ERP system that permits unauthenticated remote attackers to execute arbitrary SQL commands. The flaw resides in the login endpoint, where the application incorporates unsanitized user-supplied input from HTTP POST requests directly into backend database queries, violating secure coding practices captured by CWE-89. No affected version range is specified in available reporting.

Unauthenticated attackers reachable over the network can submit crafted POST requests to the login endpoint and achieve direct manipulation of the database. Successful exploitation can result in unauthorized data access, record modification, or limited service disruption, consistent with the CVSS 9.3 rating reflecting high impact across confidentiality, integrity, and availability without any required privileges or user interaction.

Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC. The associated EPSS score has remained at 0.0901 and has not risen materially above its earlier, lower baseline.


Vulnerability details

A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC.
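As an added illustration (not code from the St. Joe ERP system or from this advisory), the CWE-89 pattern the analysis and vulnerability details describe, beside its fix: an in-memory SQLite stand-in for the user table, a login handler that pastes the POST fields into the query text, a hardened handler that validates the username and binds parameters (the SI-10 control above), and a regression check that a stray quote in the username never reaches the SQL parser. The table layout, column names, account and allow-list pattern are assumptions.

```python
import hashlib
import re
import sqlite3

# Allow-list for the username field (SI-10 style input validation).
# Assumption: the real ERP's username rules are not published.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def pw_hash(password: str) -> str:
    # Plain digest only to keep the example self-contained; a production login
    # must use a slow, salted password hash such as argon2 or bcrypt.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the ERP user table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """CWE-89 pattern: POST fields are pasted straight into the SQL text, so the
    database parser sees whatever the client sent."""
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash(password)))
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed form: reject malformed usernames, then bind values as parameters
    so they are always data, never SQL."""
    if not USERNAME_RE.match(username):
        return False
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row is not None


def quote_reaches_sql_parser(login, conn: sqlite3.Connection) -> bool:
    """Regression check for a login handler: a username containing a single
    quote must never alter the query. Returns True when the quote is parsed as
    SQL (the engine raises), which is the defect CVE-2024-13979 describes."""
    try:
        login(conn, "o'brien", "irrelevant")
    except sqlite3.OperationalError:
        return True
    return False
```

Run the check against both handlers in CI: a True result from `quote_reaches_sql_parser` means untrusted input is still being interpreted as SQL.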



MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated exploitation of a public-facing web application login endpoint via SQL injection, matching T1190 exactly.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-39334 (shared CWE-89)
CVE-2024-13488 (shared CWE-89)
CVE-2026-22850 (shared CWE-89)
CVE-2024-12404 (shared CWE-89)
CVE-2024-13474 (shared CWE-89)
CVE-2026-20002 (shared CWE-89)
CVE-2025-1446 (shared CWE-89)
CVE-2025-22699 (shared CWE-89)
CVE-2026-36232 (shared CWE-89)
CVE-2026-31871 (shared CWE-89)

Affected Assets

Vendor: St. Joe ERP System Project
Product: St. Joe ERP System
Versions: all versions

Mitigating Controls (NIST 800-53 r5, AI-assigned)

SI-10 Information Input Validation (prevent)

Directly requires validation and sanitization of user-supplied input to the login endpoint, preventing SQL injection by blocking arbitrary SQL command execution.

SI-2 Flaw Remediation (prevent)

Mandates timely identification, reporting, and correction of the SQL injection flaw in the St. Joe ERP system to eliminate the vulnerability.

SC-7 Boundary Protection (prevent, detect)

Boundary protection at web interfaces can deploy web application firewalls to inspect and block crafted HTTP POST requests that exploit the SQL injection vulnerability.
