CVE-2024-12918
Published: 24 February 2025
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025.
Security Summary
CVE-2024-12918 is an SQL Injection vulnerability (CWE-89), stemming from improper neutralization of special elements used in an SQL command, in Agito Computer Health4All software. This issue affects Health4All versions prior to 10.01.2025.
The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity and no user interaction required. Low-privileged authenticated users (PR:L) can exploit it to achieve high impacts on confidentiality, integrity, and availability, potentially allowing unauthorized data access, modification, or disruption.
The USOM advisory at https://www.usom.gov.tr/bildirim/tr-25-0042 provides further details on the issue. Mitigation requires updating to Health4All version 10.01.2025 or later.
Details
- CWE(s)