
CVE-2024-22625: n/a in n/a

High
Published: Tue Jan 16 2024 (01/16/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=.

AI-Powered Analysis

Last updated: 07/07/2025, 02:59:29 UTC

Technical Analysis

CVE-2024-22625 is a high-severity SQL injection vulnerability affecting Complete Supplier Management System version 1.0. The flaw is in the admin interface, specifically the edit_category.php script, which passes its 'id' parameter into a database query without input validation or parameterization. Because the CVSS vector requires privileges but no user interaction, exploitation requires an authenticated user with administrative access, who can then inject SQL through that parameter. Exploiting this flaw can lead to unauthorized reading, modification, or deletion of database records, compromising the confidentiality, integrity, and availability of the system's data. The vulnerability is classified under CWE-89, a common and well-understood injection flaw. The CVSS score of 7.2 reflects its network-exploitable nature, low attack complexity, and high impact on confidentiality, integrity, and availability. No public exploits are currently known, and no patches have been published yet. However, the presence of this vulnerability in a supplier management system poses significant risk, especially in environments where sensitive supplier and procurement data are handled.

Potential Impact

For European organizations, this vulnerability could have serious repercussions. Supplier management systems often contain sensitive business information, including supplier contracts, pricing, and procurement strategies. Exploitation could lead to data breaches exposing confidential commercial information, manipulation of supplier data causing financial losses or supply chain disruptions, and potential compliance violations under regulations like GDPR if personal data is involved. The requirement for administrative privileges limits exploitation to insiders or attackers who have already compromised an admin account, but insider threats or credential theft remain realistic risks. Disruption or data tampering could affect operational continuity and damage trust with suppliers and partners. Given the interconnected nature of supply chains in Europe, such an attack could have cascading effects across multiple organizations.

Mitigation Recommendations

Organizations using Complete Supplier Management System v1.0 should immediately audit their systems for this vulnerability. Specific mitigation steps include:

1) Restrict administrative access strictly, use strong authentication methods, and monitor admin account usage for anomalies.

2) Implement Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the edit_category.php endpoint.

3) Apply input validation and parameterized queries in the application code to prevent injection, if source code access and patching are possible.

4) Conduct regular security assessments and penetration testing focused on injection flaws.

5) Monitor database logs for suspicious queries or unusual activity.

6) If possible, isolate the supplier management system's network segment to limit lateral movement in case of compromise.

7) Prepare incident response plans specifically addressing potential data breaches or integrity violations in supplier data.

Since no official patch is available, these compensating controls are critical until a vendor fix is released.
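To make step 3 concrete, the following is an added example written for this page; it is not code from Complete Supplier Management System and does not reproduce its edit_category.php. It assumes a PDO connection to MySQL and a hypothetical `categories` table with `id` and `name` columns; the function names are illustrative. It contrasts the CWE-89 pattern (a request parameter concatenated into SQL text) with a hardened handler that validates the `id` as an integer and binds every value through a prepared statement, for both the read and the update that an "edit category" page would perform.

```php
<?php
// Added example, not the project's own code. Assumptions: $pdo is a PDO
// connection, table `categories` has INT `id` and VARCHAR `name`.

// The CWE-89 pattern this advisory describes: untrusted input becomes part of
// the SQL string. Kept only to contrast with the hardened version below.
function loadCategoryUnsafe(PDO $pdo, array $get): ?array
{
    $sql = "SELECT id, name FROM categories WHERE id = " . $get['id'];
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Validation helper: the id must be a positive integer, nothing else.
// Returns null (and a 400 status) when the parameter is missing or malformed.
function requireCategoryId(array $params): ?int
{
    $id = filter_var($params['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return null;
    }
    return $id;
}

// Hardened read: the id is bound as a typed parameter, so it is never
// interpreted as SQL regardless of its content.
function loadCategory(PDO $pdo, array $get): ?array
{
    $id = requireCategoryId($get);
    if ($id === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM categories WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened update for the "edit" action: both the new name and the id are
// bound; the name is length-checked as an application rule, not as an
// injection defence (the prepared statement already handles that).
function updateCategoryName(PDO $pdo, array $post): bool
{
    $id = requireCategoryId($post);
    if ($id === null) {
        return false;
    }
    $name = trim((string) ($post['name'] ?? ''));
    if ($name === '' || mb_strlen($name) > 100) {
        http_response_code(400);
        return false;
    }
    $stmt = $pdo->prepare('UPDATE categories SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Example wiring (assumed DSN and credentials). Emulated prepares are turned
// off so the MySQL server, not the driver, performs the parameter binding.
// $pdo = new PDO('mysql:host=localhost;dbname=supply;charset=utf8mb4', $user, $pass, [
//     PDO::ATTR_EMULATE_PREPARES => false,
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ]);
// $category = loadCategory($pdo, $_GET);
```

The key property is that `loadCategory` and `updateCategoryName` never build SQL text from request data; the query shape is fixed at `prepare()` time and the values travel separately. Integer validation is still worthwhile because it rejects malformed requests early and produces a clean 400 rather than a database error, which is also the kind of event worth surfacing in the log monitoring recommended in step 5.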


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2024-01-11T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6840c579182aa0cae2c16aec

Added to database: 6/4/2025, 10:15:21 PM

Last enriched: 7/7/2025, 2:59:29 AM

Last updated: 8/14/2025, 6:29:54 PM
