CVE-2024-13151 | THREATINT

Description

CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.This issue affects Auto Service Software: before v.2025.10.01.

PUBLISHED Reserved 2025-01-06 | Published 2025-09-18 | Updated 2025-10-03 | Assigner TR-CERT

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

Any version before v.2025.10.01

affected

Credits

Yunus ÖRNEK finder

References

www.usom.gov.tr/bildirim/tr-25-0273

cve.org (CVE-2024-13151)

nvd.nist.gov (CVE-2024-13151)

Download JSON