CVE-2024-13152
published 2025-02-14CVE-2024-13152: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel…
PriorityP262critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.46%
36.9th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.
This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bss_software | mobuy_online_machinery_monitoring_panel | < 2.0 | 2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
BSS Mobuy Online Machinery Monitoring Panel up to 1.x authorization bypass through user-controlled sql primary key
vuldb·2026-06-01·CVSS 10.0
CVE-2024-13152 [CRITICAL] BSS Mobuy Online Machinery Monitoring Panel up to 1.x authorization bypass through user-controlled sql primary key
A vulnerability, which was classified as very critical, has been found in BSS Mobuy Online Machinery Monitoring Panel up to 1.x. Affected by this issue is some unknown functionality. The manipulation leads to authorization bypass through user-controlled sql primary key.
This vulnerability is referenced as CVE-2024-13152. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
GHSA
GHSA-892g-4h6m-36mf: Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injectio
ghsa_unreviewed·2025-02-14
CVE-2024-13152 [CRITICAL] CWE-566 GHSA-892g-4h6m-36mf: Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injectio
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-02-14
Published