CVE-2024-13148
Published: 27 February 2025
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform: before 16.01.2025.
Security Summary
CVE-2024-13148 is an SQL Injection vulnerability (CWE-89), resulting from improper neutralization of special elements used in an SQL command, in the Yukseloglu Filter B2B Login Platform. This issue affects versions of the B2B Login Platform prior to 16.01.2025.
The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation allows attackers to execute arbitrary SQL commands, potentially leading to high impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or deletion.
The USOM advisory (tr-25-0045) at https://www.usom.gov.tr/bildirim/tr-25-0045 provides further details on the vulnerability. Mitigation requires updating the B2B Login Platform to version 16.01.2025 or later.
Details
- CWE(s)