CVE-2024-12144
📋 TL;DR
This SQL injection vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows attackers to execute arbitrary SQL commands through the application. It affects all versions before December 18, 2024. Organizations using this legacy ERP/CRM system are at risk of data breaches.
💻 Affected Systems
- Finder Fire Safety Finder ERP/CRM (Old System)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data exfiltration, data manipulation, authentication bypass, and potential remote code execution on the database server.
Likely Case
Unauthorized data access, extraction of sensitive business information, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
SQL injection vulnerabilities typically have low exploitation complexity. The advisory suggests unauthenticated access is possible, making exploitation easier.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version dated 18.12.2024 or later
Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0060
Restart Required: Yes
Instructions:
1. Contact Finder Fire Safety for the patched version (18.12.2024 or later). 2. Backup your current system and data. 3. Apply the vendor-provided update. 4. Restart the application services. 5. Verify the update was successful.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
allDeploy a WAF with SQL injection protection rules to block malicious requests.
Input Validation Filtering
allImplement application-level input validation to reject SQL special characters in user inputs.
🧯 If You Can't Patch
- Isolate the ERP/CRM system behind a firewall with strict access controls and monitor all database queries.
- Implement database-level controls: use least privilege accounts, enable query logging, and regularly audit database access patterns.
🔍 How to Verify
Check if Vulnerable:
Check the system version date in the application interface or configuration files. If the date is before December 18, 2024, the system is vulnerable.Check Version:
Check application admin panel or configuration files for version information. No universal command available.Verify Fix Applied:
Verify the application version shows 18.12.2024 or later, and test input fields with SQL injection test payloads (in a controlled manner) to confirm they are properly sanitized.📡 Detection & Monitoring
Log Indicators:
- Unusual database query patterns
- Multiple failed login attempts with SQL syntax
- Long or malformed HTTP requests to application endpoints
Network Indicators:
- Unusual outbound database connections from application server
- SQL error messages in HTTP responses
SIEM Query:
source="application_logs" AND (message="*sql*" OR message="*select*" OR message="*union*" OR message="*or 1=1*")