{"id":57156,"date":"2025-07-04T12:24:12","date_gmt":"2025-07-04T12:24:12","guid":{"rendered":""},"modified":"2025-09-27T07:38:49","modified_gmt":"2025-09-27T13:38:49","slug":"cve-2024-12364-sql-injection-vulnerability-in-mavi-yesil-software-guest-tracking-software","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-12364-sql-injection-vulnerability-in-mavi-yesil-software-guest-tracking-software\/","title":{"rendered":"<strong>CVE-2024-12364: SQL Injection Vulnerability in Mavi Ye\u015fil Software Guest Tracking Software<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2024-12364 vulnerability is a critical issue that affects Mavi Ye\u015fil Software&#8217;s Guest Tracking Software. This vulnerability is an instance of SQL Injection, one of the most common types of cyber attacks, leading to potential system compromise or data leakage. The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49253-high-severity-php-remote-file-inclusion-vulnerability-in-thembay-lasa\/\"  data-wpil-monitor-id=\"63715\">severity of this vulnerability<\/a>, coupled with the fact that the vendor has yet to confirm the completion of a fix, makes this a high-priority issue for organizations utilizing the affected software.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2024-12364<br \/>\nSeverity: Critical (9.8 CVSS)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6510-critical-vulnerability-in-netgear-ex6100-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"63716\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2452851833\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>Mavi Ye\u015fil Guest Tracking Software | All versions up to current<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-47295-csv-injection-vulnerability-in-ncr-terminal-handler-v1-5-1\/\"  data-wpil-monitor-id=\"63959\">vulnerability exploitation happens when an attacker is able to inject<\/a> malicious SQL commands into the software. This is made possible by the application&#8217;s improper neutralization of <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50213-special-element-injection-vulnerability-in-apache-airflow-providers-snowflake\/\"  data-wpil-monitor-id=\"63979\">special elements<\/a> used in SQL commands. <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2021-41691-sql-injection-vulnerability-in-os4ed-open-source-information-system-community\/\"  data-wpil-monitor-id=\"64152\">SQL Injection<\/a> attacks occur when an application uses user input to construct SQL queries without properly validating or escaping it, allowing an attacker to manipulate the SQL queries executed by the database.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-1930425894\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>An example of how this vulnerability might be exploited is shown below. Please note that this is a conceptual example created for <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49526-out-of-bounds-write-vulnerability-in-illustrator-leading-to-arbitrary-code-execution\/\"  data-wpil-monitor-id=\"75278\">illustrative purposes and does not represent actual exploit code<\/a>.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/guestInfo HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\nguestId=1 OR 1=1; DROP TABLE users;--<\/code><\/pre>\n<p>In this example, the attacker is exploiting the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52822-sql-injection-vulnerability-in-iqonic-design-wp-roadmap\/\"  data-wpil-monitor-id=\"63927\">vulnerability by injecting a malicious SQL<\/a> command (`1 OR 1=1; DROP TABLE users;&#8211;`) into the `guestId` parameter. This results in the application making a query to the database that always returns true (`1 OR 1=1`) and subsequently deletes the `users` table (`DROP TABLE users`), effectively <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5867-critical-vulnerability-in-rt-thread-5-1-0-leading-to-system-compromise-or-data-leakage\/\"  data-wpil-monitor-id=\"63928\">compromising the system<\/a>.<\/p>\n<p><strong>How to Mitigate<\/strong><\/p>\n<p>Until the vendor <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-35115-critical-system-package-download-vulnerability-in-agiloft-release-28\/\"  data-wpil-monitor-id=\"85330\">releases a patch for this vulnerability<\/a>, the best course of action is to implement temporary mitigation measures. This can be done either by using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) to detect and block <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49853-sql-injection-vulnerability-in-controlid-idsecure-on-premises-versions\/\"  data-wpil-monitor-id=\"64355\">SQL Injection<\/a> attacks. These systems can be configured to identify and stop suspicious queries before they reach the application&#8217;s database, thus preventing a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6435-firefox-vulnerability-leading-to-potential-system-compromise-and-data-leakage\/\"  data-wpil-monitor-id=\"75279\">potential compromise<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2024-12364 vulnerability is a critical issue that affects Mavi Ye\u015fil Software&#8217;s Guest Tracking Software. This vulnerability is an instance of SQL Injection, one of the most common types of cyber attacks, leading to potential system compromise or data leakage. The severity of this vulnerability, coupled with the fact that the vendor has yet [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[74],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-57156","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-sql-injection"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/57156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=57156"}],"version-history":[{"count":8,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/57156\/revisions"}],"predecessor-version":[{"id":78123,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/57156\/revisions\/78123"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=57156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=57156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=57156"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=57156"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=57156"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=57156"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=57156"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=57156"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=57156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}