CVE-2024-13979: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Hangzhou Shengqiao Technology Co. Ltd. St. Joe ERP System ("圣乔ERP系统")
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. No affected version range is defined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC.
AI Analysis
Technical Summary
CVE-2024-13979 identifies a critical SQL injection vulnerability in the St. Joe ERP system (圣乔ERP系统) developed by Hangzhou Shengqiao Technology Co. Ltd. The flaw exists in the login endpoint, where the application fails to properly sanitize user-supplied input before embedding it into SQL queries. This improper neutralization of special elements (CWE-89) allows unauthenticated remote attackers to craft malicious HTTP POST requests that manipulate the backend database directly. The vulnerability affects all versions of the product, with no specific version range defined. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) indicates a network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. Exploitation can lead to unauthorized data disclosure, unauthorized modification of records, and potential disruption of ERP services. The Shadowserver Foundation first observed exploitation attempts in April 2025, though no confirmed widespread exploitation has been reported. The lack of available patches increases the urgency of defensive measures. Given the ERP system's role in managing enterprise resources, this vulnerability poses a severe risk to business operations and data security.
Potential Impact
For European organizations, the impact of this vulnerability is substantial. ERP systems like St. Joe are critical for managing business processes, including inventory, finance, and supply chain operations. Successful exploitation could lead to unauthorized access to sensitive corporate data, including financial records, customer information, and intellectual property. Data integrity could be compromised by unauthorized modifications, potentially causing operational disruptions or financial inaccuracies. Availability may also be affected if attackers manipulate database records or cause service interruptions. Industries with high reliance on ERP systems, such as manufacturing, logistics, and retail, are particularly vulnerable. The risk extends to regulatory compliance, as data breaches involving personal or financial data could trigger GDPR violations, resulting in legal and financial penalties. The vulnerability's ease of exploitation without authentication amplifies the threat, making it accessible to a wide range of attackers, including opportunistic cybercriminals and advanced persistent threat actors targeting European enterprises.
Mitigation Recommendations
Given the absence of official patches, European organizations should implement immediate compensating controls. First, deploy web application firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the login endpoint. Network segmentation should isolate ERP systems from less trusted networks, limiting exposure. Conduct thorough input validation and sanitization on all user inputs at the application layer, ideally by applying parameterized queries or prepared statements if source code access is available. Monitor logs for unusual login attempts or anomalous SQL query patterns indicative of exploitation attempts. Employ intrusion detection systems (IDS) tuned for SQL injection signatures. Restrict access to the ERP system to trusted IP ranges where feasible, and enforce multi-factor authentication on all administrative interfaces to reduce risk from lateral movement post-exploitation. Regularly back up ERP databases and verify backup integrity to enable recovery from potential data tampering. Engage with the vendor for updates and patches, and consider alternative ERP solutions if remediation is delayed. Finally, conduct security awareness training for IT staff to recognize and respond to exploitation indicators promptly.
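The recommendation to replace string-built queries with parameterized queries is the one control that removes the CWE-89 root cause rather than filtering around it. The following added example (not code from the St. Joe ERP product, whose implementation language and schema are not known from this advisory) contrasts a login check that concatenates user input into SQL with the same check written as a parameterized query. The table, the sample credential and the hashed-password column are constructed for illustration; a real login check would verify a salted password hash rather than compare stored strings.

```python
import sqlite3

# Constructed in-memory table standing in for an ERP user store (assumption:
# the real product's schema is not described in the advisory).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-of-secret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password_hash):
    """CWE-89 pattern: untrusted input is spliced into the SQL text.

    Quote characters and comment markers in the input become part of the
    query's syntax, so the WHERE clause no longer means what the author wrote.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password_hash):
    """Hardened form: placeholders bind input as data, never as SQL syntax.

    The driver sends the statement and the values separately, so a quote
    or comment marker in the input is matched literally against the column.
    """
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None

def compare(username, password_hash):
    """Run the same credential pair through both checks and report the outcome."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password_hash),
        "parameterized": login_parameterized(conn, username, password_hash),
    }

if __name__ == "__main__":
    # A genuine credential is accepted by both variants.
    print("valid credential:", compare("admin", "hash-of-secret"))
    # A username containing a quote and a comment marker makes the concatenated
    # query drop its password clause; the parameterized query simply finds no
    # user with that literal name.
    print("quote in username:", compare("admin' --", "wrong"))
```

The parameterized version is the fix to ask for from the vendor or to apply if source access exists; WAF or IDS signatures in front of the login endpoint reduce exposure in the meantime but do not change the query's structure.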
Affected Countries
Germany, France, Italy, Spain, Poland, Netherlands, Belgium, Czech Republic, Hungary
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-08-25T18:09:18.820Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692a23934c03a75d3feb2747
Added to database: 11/28/2025, 10:34:59 PM
Last enriched: 11/28/2025, 10:50:08 PM
Last updated: 12/5/2025, 1:52:27 AM