CVE-2024-13152 - OpenCVE

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0033

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00043}`	epss `{'score': 0.00048}`

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0006}`	epss `{'score': 0.00043}`

Fri, 14 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 14 Feb 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
Title		SQLi in BSS Software's Mobuy Online Machinery Monitoring Panel
Weaknesses		CWE-566
References		https://www.usom.gov.tr/bildirim/tr-25-0033
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-02-14T13:01:44.625Z

Updated: 2025-02-14T13:28:46.098Z

Reserved: 2025-01-06T14:08:18.476Z

Link: CVE-2024-13152

Vulnrichment

Updated: 2025-02-14T13:28:41.582Z

NVD

Status : Received

Published: 2025-02-14T13:15:42.170

Modified: 2025-02-14T13:15:42.170

Link: CVE-2024-13152

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13152", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-06T14:08:18.476Z", "datePublished": "2025-02-14T13:01:44.625Z", "dateUpdated": "2025-02-14T13:28:46.098Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mobuy Online Machinery Monitoring Panel", "vendor": "BSS Software", "versions": [{"lessThan": "2.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yunus ORNEK"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.<p>This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.</p>"}], "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-566", "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-02-14T13:01:44.625Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0033"}], "source": {"advisory": "TR-25-0033", "defect": ["TR-25-0033"], "discovery": "UNKNOWN"}, "title": "SQLi in BSS Software's Mobuy Online Machinery Monitoring Panel", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-14T13:22:13.386187Z", "id": "CVE-2024-13152", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T13:28:46.098Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-14T13:22:13.386187Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T13:28:41.582Z"}}], "cna": {"title": "SQLi in BSS Software's Mobuy Online Machinery Monitoring Panel", "source": {"defect": ["TR-25-0033"], "advisory": "TR-25-0033", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yunus ORNEK"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BSS Software", "product": "Mobuy Online Machinery Monitoring Panel", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0033"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.<p>This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-566", "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-02-14T13:01:44.625Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13152", "state": "PUBLISHED", "dateUpdated": "2025-02-14T13:28:46.098Z", "dateReserved": "2025-01-06T14:08:18.476Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-02-14T13:01:44.625Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}