CVE-2024-13150
📋 TL;DR
This SQL injection vulnerability in Fayton Software's fayton.Pro ERP allows attackers to execute arbitrary SQL commands through the application. All users running affected versions are vulnerable to potential data theft, modification, or system compromise.
💻 Affected Systems
- fayton.Pro ERP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data exfiltration, privilege escalation, and potential remote code execution on the underlying server.
Likely Case
Unauthorized data access, manipulation of business records, and potential extraction of sensitive information like customer data, financial records, or credentials.
If Mitigated
Limited impact with proper input validation, parameterized queries, and network segmentation preventing successful exploitation.
🎯 Exploit Status
SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0304
Restart Required: Yes
Instructions:
1. Contact Fayton Software for patch availability 2. Apply vendor-provided update 3. Restart application services 4. Verify fix implementation
🔧 Temporary Workarounds
Web Application Firewall
allDeploy WAF with SQL injection rules to block malicious payloads
Input Validation
allImplement strict input validation on all user-supplied parameters
🧯 If You Can't Patch
- Isolate the ERP system in a segmented network with strict access controls
- Implement database-level controls: least privilege accounts, stored procedures, and query logging
🔍 How to Verify
Check if Vulnerable:
Check application version against affected range (through 20250929)Check Version:
Check application interface or configuration files for version informationVerify Fix Applied:
Verify installed version is newer than 20250929 and test with SQL injection payloads in a safe environment📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed login attempts with SQL syntax
- Unexpected database queries from application users
Network Indicators:
- SQL keywords in HTTP parameters (SELECT, UNION, INSERT, etc.)
- Unusual database connection patterns
SIEM Query:
source="application_logs" AND ("SQL syntax" OR "unclosed quotation" OR "near '" OR "You have an error in your SQL syntax")