CVE-2024-13147
published 2025-03-05CVE-2024-13147: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.38%
29.6th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.
This issue affects B2B Login Panel: before 15.01.2025.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| merkur_software | b2b_login_panel | < 15.01.2025 | 15.01.2025 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Merkur B2B Login Panel prior 15.01.2025 sql injection
vuldb·2026-06-01·CVSS 9.8
CVE-2024-13147 [CRITICAL] Merkur B2B Login Panel prior 15.01.2025 sql injection
A vulnerability marked as critical has been reported in Merkur B2B Login Panel. The impacted element is an unknown function. Performing a manipulation results in sql injection.
This vulnerability is identified as CVE-2024-13147. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-xhc9-5794-7px7: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injec
ghsa_unreviewed·2025-03-05
CVE-2024-13147 [CRITICAL] CWE-89 GHSA-xhc9-5794-7px7: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injec
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-05
Published