CVE-2024-13152
Published: 14 February 2025
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
Security Summary
CVE-2024-13152 is an SQL injection vulnerability (CWE-89), resulting from improper neutralization of special elements used in an SQL command, affecting BSS Software's Mobuy Online Machinery Monitoring Panel in versions prior to 2.0. Published on 2025-02-14, it carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no privileges or user interaction needed, and scope change.
Remote, unauthenticated attackers can exploit this vulnerability over the network to inject malicious SQL queries, potentially achieving high-impact compromise of confidentiality, integrity, and availability. This could enable full database read/write access, data exfiltration, modification, or deletion, and possibly remote code execution depending on the application's backend configuration.
The primary advisory from USOM (https://www.usom.gov.tr/bildirim/tr-25-0033) details the issue, with mitigation centered on upgrading to Mobuy Online Machinery Monitoring Panel version 2.0 or later, as the vulnerability affects only prior releases.
Details
- CWE(s)