CVE-2024-45875 is an SQL injection vulnerability identified in the create user function of the baltic-it TOPqw Webportal, version 1.35.287.1. The vulnerability exists in the /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser endpoint, where the username parameter in the JSON payload is improperly sanitized before being incorporated into SQL queries. This improper input validation allows an attacker with at least limited privileges (PR:L) to inject malicious SQL code, potentially manipulating the database queries executed by the application. The vulnerability does not require user interaction (UI:N) and can be exploited remotely over the network (AV:N). The scope of impact is unchanged (S:U), meaning the vulnerability affects only the vulnerable component without extending to other components. The CVSS 3.1 base score is 5.4, reflecting a medium severity level, with impacts primarily on confidentiality and integrity, but no impact on availability. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). Although no known exploits have been reported in the wild, the vulnerability poses a risk of unauthorized data access or modification, especially in environments where the TOPqw Webportal is used for user management. The vendor has addressed the issue in version 1.35.291, and users are advised to upgrade promptly.

The primary impact of CVE-2024-45875 is the potential unauthorized manipulation of the backend database through SQL injection, which can lead to unauthorized disclosure of sensitive user data or unauthorized modification of user records. This compromises the confidentiality and integrity of the system's data. Since the vulnerability exists in the user creation function, an attacker could potentially create or alter user accounts, escalating privileges or bypassing access controls. Although availability is not directly affected, the integrity compromise could lead to broader security issues. Organizations relying on baltic-it TOPqw Webportal for user management risk exposure of sensitive user information and possible disruption of authentication and authorization processes. The requirement for some level of authentication limits the attack surface to insiders or compromised accounts, but the ease of exploitation and network accessibility increase the risk. Without timely patching, attackers could leverage this vulnerability to gain footholds within enterprise environments, especially in sectors with sensitive user data.

To mitigate CVE-2024-45875, organizations should immediately upgrade baltic-it TOPqw Webportal to version 1.35.291 or later, where the vulnerability is fixed. In addition to patching, implement strict input validation and sanitization on all user-supplied data, especially JSON payloads affecting SQL queries. Employ the use of parameterized queries or prepared statements to prevent SQL injection. Restrict access to the user creation endpoint to only trusted and necessary personnel, enforcing the principle of least privilege. Monitor logs for unusual activity around user management functions to detect potential exploitation attempts. Conduct regular security assessments and code reviews focusing on injection flaws. If patching is delayed, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the vulnerable endpoint. Finally, educate developers and administrators about secure coding practices and the risks of SQL injection.