Platform: other
Component: fayton-pro-erp
Fixed in: 20250929.0.1
CVE-2024-13150 is a SQL Injection vulnerability in fayton.Pro ERP from Fayton Software and Consulting Services. Untrusted input reaches a database query without being parameterized or sanitized, so an attacker can change the structure of the query and read or alter data the query was never meant to touch. Affected versions are fayton.Pro ERP from 0 through 20250929; the fix ships in version 20250929.0.1.
What an attacker can reach depends on where the injectable query sits. If it is on an authentication or lookup path, a tautology payload can return rows the caller should not see or bypass a credential check; elsewhere it can read, modify or delete customer records, financial data and other confidential business data held in the ERP database, with the financial and reputational damage that implies. Whether it goes further depends on the privileges of the database account the application uses: with a high-privilege account, and a database engine that exposes file or OS-level functions, SQL injection can become file access or command execution on the database host and a foothold for lateral movement. The application patch and the database account's permissions therefore matter together.
CVE-2024-13150 was published on 2025-09-29. The EPSS score is currently 0.04% (10th percentile), a low predicted probability of exploitation in the next 30 days at the time of scoring, and no public proof-of-concept exploit is known. SQL injection flaws are easy to weaponize once the injection point is known, so treat the score as a snapshot and monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.04% (10th percentile)
CISA SSVC: not listed
CVSS Vector: not listed
The primary mitigation for CVE-2024-13150 is to upgrade to fayton.Pro ERP 20250929.0.1 without delay. Take a full backup of the database and system configuration before upgrading so that a rollback is possible if the upgrade misbehaves. If upgrading cannot happen immediately, a Web Application Firewall with SQL injection rules in front of the application reduces exposure, but signature rule sets can be bypassed and are not a substitute for the patch. Independently of the patch, run the application under a database account that has only the privileges it needs: no DDL, no file or OS-level functions, no access to other schemas. That limits what a successful injection can be escalated into. After upgrading, confirm the fix in a test environment, with authorization: send SQL metacharacters and tautology payloads to the previously affected inputs and verify they are treated as literal data (no extra rows returned, no database errors that expose the query text).
Update fayton.Pro ERP to version 20250929.0.1 or later. Contact the vendor if the updated build or a security patch is not available through the usual channel. If you maintain customizations or integrations for which you hold the source, review them for queries assembled by string concatenation and convert those to parameterized statements.
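The two remediation paragraphs above ask for parameterized queries and a post-upgrade check. The following Python/sqlite3 snippet is an added illustration, not code from Fayton Software or from fayton.Pro ERP (whose stack, schema and endpoints are not published on this page): it puts the vulnerable string-concatenation pattern beside its parameterized replacement and runs the kind of tautology check a reviewer would use to confirm that user input no longer reaches the SQL parser. The customers table, its rows and the payloads are constructed for the demo.

```python
"""Added example (not fayton.Pro ERP code): a string-built SQL lookup next to
its parameterized replacement, plus a post-patch verification check.
Table, rows and payloads below are constructed for the demo; the ERP's
real schema and endpoints are an assumption and not taken from the page."""
import sqlite3

# Constructed sample data standing in for an ERP customer table (assumption).
SAMPLE_ROWS = [
    (1, "acme", "ACME Ltd", "confidential-1"),
    (2, "globex", "Globex Corp", "confidential-2"),
    (3, "initech", "Initech", "confidential-3"),
]


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database with the constructed customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, code TEXT, name TEXT, notes TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, code: str) -> list:
    """The SQL injection pattern: untrusted input spliced into the statement text,
    so quotes in the input change the query's structure."""
    sql = "SELECT id, code, name, notes FROM customers WHERE code = '" + code + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, code: str) -> list:
    """Parameterized replacement: the value travels separately from the statement,
    so whatever it contains is compared as data and cannot alter the query."""
    sql = "SELECT id, code, name, notes FROM customers WHERE code = ?"
    return conn.execute(sql, (code,)).fetchall()


# Constructed payloads of the kind a post-patch check would send.
TAUTOLOGY = "x' OR '1'='1"   # turns WHERE into an always-true predicate
COMMENT_OUT = "acme' --"     # closes the literal and comments out the rest


def verify_not_injectable(lookup) -> bool:
    """Post-patch check: a benign value must still match exactly one row, and
    no injection payload may return any row. A database error raised by a
    payload also counts as a failure, since it proves the input reached the
    SQL parser."""
    conn = make_db()
    try:
        if len(lookup(conn, "acme")) != 1:
            return False
        for payload in (TAUTOLOGY, COMMENT_OUT):
            if lookup(conn, payload):  # a literal "x' OR '1'='1" matches nothing
                return False
        return True
    except sqlite3.Error:
        return False
    finally:
        conn.close()


if __name__ == "__main__":
    print("vulnerable lookup passes check:", verify_not_injectable(lookup_vulnerable))
    print("fixed lookup passes check:     ", verify_not_injectable(lookup_fixed))
```

The check deliberately treats any returned row as a failure rather than inspecting the rows, because a payload such as `acme' --` returns a legitimate-looking record while still proving the query text was altered. Restricting the database account's privileges, the other half of the mitigation, is a configuration matter on the database side and is not shown here.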
CVE-2024-13150 is a SQL Injection vulnerability in fayton.Pro ERP that lets an attacker inject SQL into database queries; the page lists no CVSS vector, but the practical impact is serious because injected SQL can read and alter ERP data and, with an over-privileged database account, reach the database host.
If you run fayton.Pro ERP versions 0 through 20250929, you are affected and should upgrade without delay.
Upgrade to fayton.Pro ERP 20250929.0.1. Back up the database and configuration before upgrading, and use WAF rules and a least-privilege database account as interim and defence-in-depth measures.
No public exploits are currently known, but SQL injection is straightforward to exploit once the injection point is identified, so continued monitoring is warranted.
Refer to the official Fayton Software and Consulting Services website or security advisory channels for the latest information on CVE-2024-13150.