CVE-2024-12143 | Improper Neutralization of Special Elements used in an SQL C… | CVSS 9.8 CRITICAL

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affects Mikro Hand Terminal - MikroDB. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.

Metadata

CVE ID: CVE-2024-12143
State: PUBLISHED
Assigner: TR-CERT
Reserved: 2024-12-04 11:36 UTC
Published: 2025-06-27 17:00 UTC
Last updated: 2026-06-01 13:10 UTC
Primary CWE: CWE-89
CWE-89 Improper Neutralization of Special Elements used in a…
Vendor / Product: Mobilteg Mobile Informatics / Mikro Hand Terminal - MikroDB
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Mobilteg Mobile Informatics	Mikro Hand Terminal - MikroDB	—	—

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)