Authorization Bypass Vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel
CVE-2024-13152

10CRITICAL

Key Information:

Vendor: Bss Software
Status: Mobuy Online Machinery Monitoring Panel
Vendor: CVE Published:; 14 February 2025

Summary

An authorization bypass vulnerability exists in the BSS Software Mobuy Online Machinery Monitoring Panel, allowing attackers to exploit SQL injection through user-controlled primary keys. This issue affects versions of the product prior to 2.0, presenting a risk for unauthorized access to sensitive data and operations within the monitoring panel.

Affected Version(s)

Mobuy Online Machinery Monitoring Panel 0 < 2.0

References

https://www.usom.gov.tr/bildirim/tr-25-0033

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 6, 2025

Credit

Yunus ORNEK