EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-40614
• EGroupware/egroupware@553829d
• EGroupware/egroupware@23.1.20240430...23.1.20240624
• https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624
• https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438
• https://syss.de
• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-047.txt
• https://www.syss.de/pentest-blog/sql-injection-schwachstelle-in-egroupware-syss-2024-047