{"id":57156,"date":"2025-07-04T12:24:12","date_gmt":"2025-07-04T12:24:12","guid":{"rendered":""},"modified":"2025-09-27T07:38:49","modified_gmt":"2025-09-27T13:38:49","slug":"cve-2024-12364-sql-injection-vulnerability-in-mavi-yesil-software-guest-tracking-software","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-12364-sql-injection-vulnerability-in-mavi-yesil-software-guest-tracking-software\/","title":{"rendered":"<strong>CVE-2024-12364: SQL Injection Vulnerability in Mavi Ye\u015fil Software Guest Tracking Software<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2024-12364 is a critical vulnerability in Mavi Ye\u015fil Software&#8217;s Guest Tracking Software. It is an instance of SQL Injection, one of the most common classes of web application attack, and can lead to system compromise or data leakage. The severity of this vulnerability, coupled with the fact that the vendor has yet to confirm the completion of a fix, makes this a high-priority issue for organizations running the affected software.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2024-12364<br \/>\nSeverity: Critical (9.8 CVSS)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>Mavi Ye\u015fil Guest Tracking Software<\/td><td>All versions up to current<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a 
href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-47295-csv-injection-vulnerability-in-ncr-terminal-handler-v1-5-1\/\"  data-wpil-monitor-id=\"63959\">vulnerability exploitation happens when an attacker is able to inject<\/a> malicious SQL commands into the software. This is made possible by the application&#8217;s improper neutralization of special elements used in SQL commands. SQL Injection attacks occur when an application concatenates user input into SQL queries without validating or escaping it (or without using parameterized queries), allowing an attacker to change the structure of the queries the database executes.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>An example of how this vulnerability might be exploited is shown below. Please note that this is a conceptual example created for illustrative purposes and does not represent actual exploit code.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/guestInfo HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\n\nguestId=1 OR 1=1; DROP TABLE users;--<\/code><\/pre>\n<p>In this example, the attacker injects a malicious SQL fragment (<code>1 OR 1=1; DROP TABLE users;--<\/code>) through the <code>guestId<\/code> parameter. Because the value is placed directly into the query, the condition built from <code>guestId<\/code> becomes always true (<code>1 OR 1=1<\/code>), returning every row instead of a single guest record, and, where the database connection permits stacked statements, the appended <code>DROP TABLE users<\/code> deletes the <code>users<\/code> table; the trailing <code>--<\/code> comments out the rest of the original query. Either outcome compromises the system.<\/p>\n<p><strong>How to Mitigate<\/strong><\/p>\n<p>Until the vendor releases a patch for this vulnerability, the best course of action is to implement temporary mitigation measures. This can be done either by placing a Web Application Firewall (WAF) in front of the application or by deploying an Intrusion Detection System (IDS) to detect and block SQL Injection attacks. 
These systems can be configured to identify and stop suspicious queries before they reach the application&#8217;s database, thus preventing a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6435-firefox-vulnerability-leading-to-potential-system-compromise-and-data-leakage\/\"  data-wpil-monitor-id=\"75279\">potential compromise<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2024-12364 vulnerability is a critical issue that affects Mavi Ye\u015fil Software&#8217;s Guest Tracking Software. This vulnerability is an instance of SQL Injection, one of the most common types of cyber attacks, leading to potential system compromise or data leakage. The severity of this vulnerability, coupled with the fact that the vendor has yet [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[74],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-57156","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-sql-injection"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/57156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=57156"}],"version-history":[{"count":8,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/57156\/revisions"}],"predecessor-version":[{"id":78123,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/57156\/revisions\/7812
3"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=57156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=57156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=57156"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=57156"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=57156"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=57156"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=57156"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=57156"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=57156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}