CVE-2024-13147

{"id": "CVE-2024-13147", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-03-05T14:15:35.910", "references": [{"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0054", "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-25-0054", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.\n\nThis issue affects B2B Login Panel: before 15.01.2025."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Merkur Software B2B Login Panel permite la inyecci\u00f3n SQL. Este problema afecta al Panel de inicio de sesi\u00f3n B2B: antes del 15.01.2025. "}], "lastModified": "2026-06-01T13:16:27.377", "sourceIdentifier": "iletisim@usom.gov.tr"}