{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13151", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-06T14:04:42.376Z", "datePublished": "2025-09-18T11:56:28.863Z", "dateUpdated": "2025-10-03T12:19:32.604Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Auto Service Software", "vendor": "ESBI Information and Telecommunication Industry and Trade Limited Company", "versions": [{"lessThan": "v.2025.10.01", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yunus \u00d6RNEK"}], "datePublic": "2025-09-18T11:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.<p>This issue affects Auto Service Software: before v.2025.10.01.</p>"}], "value": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.This issue affects Auto Service Software: before v.2025.10.01."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-03T12:19:32.604Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0273"}], "source": {"advisory": "TR-25-0273", "defect": ["TR-25-0273"], "discovery": "UNKNOWN"}, "title": "SQLi in ESBI Informatics's Auto Service Software", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-18T13:25:44.039536Z", "id": "CVE-2024-13151", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T13:26:03.330Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-18T13:25:44.039536Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T13:25:55.229Z"}}], "cna": {"title": "SQLi in ESBI Informatics's Auto Service Software", "source": {"defect": ["TR-25-0273"], "advisory": "TR-25-0273", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yunus \u00d6RNEK"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ESBI Information and Telecommunication Industry and Trade Limited Company", "product": "Auto Service Software", "versions": [{"status": "affected", "version": "0", "lessThan": "v.2025.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-09-18T11:48:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0273"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.This issue affects Auto Service Software: before v.2025.10.01.", "supportingMedia": [{"type": "text/html", "value": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.<p>This issue affects Auto Service Software: before v.2025.10.01.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-03T12:19:32.604Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13151", "state": "PUBLISHED", "dateUpdated": "2025-10-03T12:19:32.604Z", "dateReserved": "2025-01-06T14:04:42.376Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-09-18T11:56:28.863Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.This issue affects Auto Service Software: before v.2025.10.01."}], "id": "CVE-2024-13151", "lastModified": "2025-10-03T13:15:45.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Primary"}]}, "published": "2025-09-18T12:15:36.260", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://www.usom.gov.tr/bildirim/tr-25-0273"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Awaiting Analysis"}

{}

{"created": "2025-09-22T10:00:17.092942+00:00", "updated": "2025-09-22T10:06:33.987838+00:00", "vendors": ["logo_software", "logo_software$PRODUCT$diva"]}