{"api_version":"1","generated_at":"2026-07-04T11:41:47+00:00","cve":"CVE-2024-13151","urls":{"html":"https://cve.report/CVE-2024-13151","api":"https://cve.report/api/cve/CVE-2024-13151.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-13151","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-13151"},"summary":{"title":"SQLi in ESBI Informatics's Auto Service Software","description":"CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.\n\nThis issue affects Auto Service Software: before v.2025.10.01.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2025-09-18 12:15:36","updated_at":"2026-06-01 13:16:27"},"problem_types":["CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-25-0273","name":"https://www.usom.gov.tr/bildirim/tr-25-0273","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0273","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0273","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-13151","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-13151","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ESBI Information and Telecommunication Industry and Trade Limited Company","product":"Auto Service Software","version":"affected v.2025.10.01 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Yunus ÖRNEK","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"13151","cve":"CVE-2024-13151","epss":"0.000640000","percentile":"0.200570000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-13151","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-09-18T13:25:44.039536Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-09-18T13:26:03.330Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Auto Service Software","vendor":"ESBI Information and Telecommunication Industry and Trade Limited Company","versions":[{"lessThan":"v.2025.10.01","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Yunus ÖRNEK"}],"datePublic":"2025-09-18T11:48:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.<p>This issue affects Auto Service Software: before v.2025.10.01.</p>"}],"value":"CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.\n\nThis issue affects Auto Service Software: before v.2025.10.01."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T12:15:27.058Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-25-0273"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0273"}],"source":{"advisory":"TR-25-0273","defect":["TR-25-0273"],"discovery":"UNKNOWN"},"title":"SQLi in ESBI Informatics's Auto Service Software","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2024-13151","datePublished":"2025-09-18T11:56:28.863Z","dateReserved":"2025-01-06T14:04:42.376Z","dateUpdated":"2026-06-01T12:15:27.058Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-18 12:15:36","lastModifiedDate":"2026-06-01 13:16:27","problem_types":["CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"13151","Ordinal":"1","Title":"SQLi in ESBI Informatics's Auto Service Software","CVE":"CVE-2024-13151","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"13151","Ordinal":"1","NoteData":"CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.\n\nThis issue affects Auto Service Software: before v.2025.10.01.","Type":"Description","Title":"SQLi in ESBI Informatics's Auto Service Software"}]}}}