CVE-2024-12364
CRITICALMavi Yeşil Guest Tracking Software - SQL Injection
Title source: llmDescription
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource government-resource
broken-link
https://www.usom.gov.tr/bildirim/tr-25-0140
Government Resource government-resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0140
Scores
CVSS v3
9.8
EPSS
0.0038
EPSS Percentile
29.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
Mavi Yeşil Software/Guest Tracking Software
Published
Jun 27, 2025
Tracked Since
Feb 18, 2026