Yunus Ornek

**Name of the Vulnerable Software and Affected Versions** Merkur Software B2B Login Panel versions prior to 15.01.2025 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions prior to 15.01.2025, update to a version released after 15.01.2025 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yukseloglu Filter B2B Login Platform versions prior to 16.01.2025 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions prior to 16.01.2025, update to a version released after 16.01.2025 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BSS Software Mobuy Online Machinery Monitoring Panel versions prior to 2.0 **Description** The issue affects BSS Software Mobuy Online Machinery Monitoring Panel, allowing SQL Injection due to an Authorization Bypass Through User-Controlled SQL Primary Key vulnerability. This enables unauthorized access to sensitive data. **Recommendations** For versions prior to 2.0, update to version 2.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and SQL endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Teknogis Informatics Closed Circuit Vehicle Tracking Software versions through 21.11.2024 **Description** The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL Injection and Blind SQL Injection. This is a result of a Hibernate vulnerability. The vendor was contacted about this disclosure but did not respond. **Recommendations** For versions through 21.11.2024, as a temporary workaround, consider restricting access to SQL commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.