CVE-2024-13979
Published: 27 August 2025
Summary
CVE-2024-13979 is a critical-severity SQL Injection (CWE-89) vulnerability in St. Joe ERP System by St. Joe ERP System Project. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 7.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A SQL injection vulnerability exists in the St. Joe ERP system that permits unauthenticated remote attackers to execute arbitrary SQL commands. The flaw resides in the login endpoint, where the application incorporates unsanitized user-supplied input from HTTP POST requests directly into backend database queries, violating secure coding practices captured by CWE-89. No affected version range is specified in available reporting.
Unauthenticated attackers reachable over the network can submit crafted POST requests to the login endpoint and achieve direct manipulation of the database. Successful exploitation can result in unauthorized data access, record modification, or limited service disruption, consistent with the CVSS 9.3 rating reflecting high impact across confidentiality, integrity, and availability without any required privileges or user interaction.
Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC. The associated EPSS score stands at 0.0901 and has shown no material increase from its earlier, lower baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54926
Vulnerability details
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC.
- CWE(s): CWE-89 (SQL Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw is exploited by direct, remote, unauthenticated SQL injection against the login endpoint of a public-facing web application, which matches T1190 (Exploit Public-Facing Application) exactly.
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly requires validation and sanitization of user-supplied input to the login endpoint, which prevents SQL injection by keeping attacker-controlled data from being interpreted as SQL commands.
SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of the SQL injection flaw in the St. Joe ERP system so that the vulnerability itself is eliminated.
SC-7 (Boundary Protection): boundary protection at web interfaces can deploy a web application firewall to inspect and block crafted HTTP POST requests that target the SQL injection vulnerability.
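As an added illustration of the CWE-89 pattern the advisory describes and of the SI-10 input-validation control, here is a login lookup written the vulnerable way (POST fields concatenated into the SQL text) beside its parameterized form, plus an allow-list check on the username as defence in depth. This is example code, not code from the St. Joe ERP system; the table schema, the sample accounts and the textbook probe string are constructed for the demonstration.

```python
"""Login lookup: string-concatenated (CWE-89) vs parameterized (hardened).

Constructed example; not taken from the St. Joe ERP system.
"""
import re
import sqlite3

# Allow-list for usernames (SI-10 style input validation). Constructed policy:
# 1-64 characters drawn from letters, digits, dot, underscore and hyphen.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def validate_username(username: str) -> bool:
    """Reject any username outside the allow-list before it reaches the DB."""
    return USERNAME_RE.fullmatch(username) is not None


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """CWE-89: the POST fields are spliced straight into the SQL text, so a
    quote character in the input changes the structure of the query."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: the SQL text is fixed and the values are bound as
    parameters, so the database engine never interprets them as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(username: str, password: str) -> tuple:
    """Run both variants on a fresh database and return (vulnerable, hardened)."""
    conn = make_db()
    try:
        return (
            login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # Legitimate credentials: both variants agree.
    print("valid creds     ", compare("alice", "correct-horse"))
    # Wrong password: both variants refuse.
    print("wrong password  ", compare("alice", "wrong"))
    # Textbook tautology probe in the username field: the concatenated query
    # accepts it, the parameterized query treats it as a literal username.
    probe = "' OR 1=1 --"
    print("probe           ", compare(probe, "anything"))
    print("allow-list check", validate_username("alice"), validate_username(probe))
```

Parameterization is the primary fix (it removes the CWE-89 condition entirely); the allow-list check is a second layer that also gives a clean place to log rejected input for detection.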