CVE-2024-13150

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions fayton.Pro ERP versions through 20250929

Description A flaw exists in fayton.Pro ERP that allows for SQL Injection. This issue enables unauthorized access to the full database with minimal effort. The vulnerability is due to improper neutralization of special elements within SQL commands.

Recommendations Versions prior to 20250929 should be updated.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-13150

Affected Products

Fayton.Pro Erp

CVE-2024-13150

Weakness Enumeration

Related Identifiers

Affected Products

References · 6