CVE-2024-12364 | THREATINT

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.

PUBLISHED Reserved 2024-12-09 | Published 2025-06-27 | Updated 2026-06-01 | Assigner TR-CERT

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

affected

Any version

affected

Credits

Pınar TAŞĞIN finder

References

www.usom.gov.tr/bildirim/tr-25-0140 government-resource broken-link

siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0140 government-resource

cve.org (CVE-2024-12364)

nvd.nist.gov (CVE-2024-12364)

Download JSON