CVE-2024-13147: B2B Login Panel: SQLi enables unauthenticated DB access

CRITICAL
Published March 5, 2025
CISO Take

CVE-2024-13147 is a critical SQL injection (CVSS 9.8) in Merkur Software's B2B Login Panel, exploitable by any unauthenticated remote attacker with zero interaction required — the worst-case exploitation profile. A successful attack against the login endpoint can yield full database read/write access, enabling credential theft, authentication bypass, and data manipulation across all connected ML/AI workflows that rely on this panel for access control. With 479 downstream dependents and 30 prior CVEs in the same package, this component carries a documented history of systemic input validation failures that amplifies organizational risk well beyond this single flaw. Upgrade to the January 15, 2025 release immediately; if patching cannot be immediate, deploy a WAF rule blocking SQL metacharacters on authentication endpoints and audit database logs for UNION, stacked queries, or error-based injection signatures.

Sources: NVD, ATLAS, OpenSSF

What is the risk?

CRITICAL. The CVSS 9.8 score reflects maximum exploitability: network-accessible, zero authentication, zero user interaction, low complexity. In AI/ML deployments, the B2B Login Panel gates access to model-serving infrastructure, training pipelines, or sensitive ML datasets. Full database compromise at the authentication layer means an attacker can enumerate users, extract stored API keys or tokens, and pivot to backend AI infrastructure. The 30-CVE track record of this package signals systemic input validation deficits, not an isolated incident — assume all versions prior to the patch date are vulnerable.

How does the attack unfold?

Initial Access
Attacker sends a crafted SQL payload to the unauthenticated B2B Login Panel endpoint exposed over the internet, requiring no prior credentials or user interaction.
AML.T0049
Credential Extraction
SQL injection query dumps the users table, extracting credentials, API keys, and session tokens stored in the underlying database.
AML.T0106
Authentication Bypass
Attacker uses extracted credentials or direct injection-based authentication bypass to access the AI platform as a legitimate user or administrator.
AML.T0012
AI Platform Compromise
With authenticated access, attacker exfiltrates ML model artifacts, training data, and configuration secrets, or pivots laterally to connected AI infrastructure.
AML.T0025

What systems are affected?

Package: Panel
Ecosystem: pip
Vulnerable Range: (not listed)
Patched: No patch
Package profile: 5.7K, OpenSSF score 6.5, 479 dependents, pushed 6d ago, 53% patched, ~6d to patch

Do you use Panel? You're affected.

How severe is it?

CVSS 3.1
9.8 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
Trivial

What is the attack surface?

AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): None
UI (User Interaction): None
S (Scope): Unchanged
C (Confidentiality): High
I (Integrity): High
A (Availability): High

What should I do?

6 steps
  1. Patch immediately: Upgrade to B2B Login Panel version 15.01.2025 or later.

  2. WAF rule: Block SQL metacharacters (single quote, double dash, semicolon, UNION, OR 1=1 patterns) in all login form fields at the perimeter.

  3. Database audit: Review query logs for anomalous patterns — UNION SELECT, error-based injection signatures, OR-always-true conditions — covering the exposure window prior to patching.

  4. Credential rotation: If the panel was publicly exposed before patching, rotate all credentials, API keys, and tokens stored in the connected database.

  5. Network isolation: Restrict B2B Login Panel access to known IP ranges where operationally feasible.

  6. Reference: Turkish USOM advisory TR-25-0054 (siberguvenlik.gov.tr) provides disclosure context and affected version details.
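Step 3 names the query-log patterns to hunt for. As an added illustration (not code from the advisory, from Merkur Software, or from any vendor tool), the following Python scanner runs the UNION SELECT, OR-always-true and stacked-query signatures over a handful of constructed query-log lines. The log line format (timestamp, client IP, SQL text), the log content and the password placeholders are all assumptions made for the example; error-based signatures are engine-specific and are left out.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample database query log (not from any real system). Assumed
# line format: "<timestamp> <client-ip> <sql-text>"; password values are
# placeholder digests.
SAMPLE_LOG = """\
2025-01-20T10:01:02Z 203.0.113.10 SELECT id FROM users WHERE username='alice' AND password='5e88...'
2025-01-20T10:01:09Z 203.0.113.10 SELECT id FROM users WHERE username='' OR '1'='1' -- ' AND password='e3b0...'
2025-01-20T10:02:15Z 198.51.100.7 SELECT id FROM users WHERE username='x' UNION SELECT username,password,NULL FROM users-- ' AND password='e3b0...'
2025-01-20T10:03:30Z 198.51.100.7 SELECT id FROM users WHERE username='x'; DROP TABLE audit; -- ' AND password='e3b0...'
2025-01-20T10:04:00Z 192.0.2.5 SELECT id FROM users WHERE username='bob' AND password='9f86...'
"""

# Signatures named in the remediation steps. "Strong" ones indicate injection
# on their own; the comment terminator is only corroborating evidence, since
# "--" can appear in legitimate SQL.
STRONG_SIGNATURES = {
    "union_select": re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b", re.I),
    # OR 1=1, OR '1'='1', OR 'a'='a': the same token on both sides of '='
    "or_always_true": re.compile(r"\bOR\b\s*'?(\w+)'?\s*=\s*'?\1'?", re.I),
    # a second statement after ';' (stacked query)
    "stacked_query": re.compile(r";\s*(SELECT|INSERT|UPDATE|DELETE|DROP|ALTER|EXEC)\b", re.I),
}
WEAK_SIGNATURES = {
    "comment_terminator": re.compile(r"--|/\*|#"),
}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    client_ip: str
    signatures: tuple  # sorted signature names that matched
    sql: str


def classify(sql: str) -> tuple:
    """Return the sorted names of all signatures matching one SQL statement."""
    hits = [name for name, rx in STRONG_SIGNATURES.items() if rx.search(sql)]
    if hits:  # only add corroborating evidence once a strong signature fired
        hits += [name for name, rx in WEAK_SIGNATURES.items() if rx.search(sql)]
    return tuple(sorted(hits))


def scan_log(text: str) -> list:
    """Parse log lines and return one Finding per line carrying a strong signature."""
    findings = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # malformed line; a real pipeline would count these
        ts, ip, sql = parts
        sigs = classify(sql)
        if sigs:
            findings.append(Finding(ts, ip, sigs, sql))
    return findings


def suspicious_clients(findings: list) -> dict:
    """Count findings per client IP, to prioritize blocking and credential rotation."""
    return dict(Counter(f.client_ip for f in findings))


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f.timestamp, f.client_ip, ", ".join(f.signatures))
    print(suspicious_clients(hits))
```

Run against the sample, three of the five lines are flagged and the two offending client addresses are counted; the clean logins for alice and bob produce no finding. The weak comment signature is deliberately never sufficient on its own, which keeps ordinary commented SQL out of the alert queue.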

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Article 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.9.3 - Access control for AI systems
NIST AI RMF
GOVERN 1.7 - Organizational risk tolerance for AI
OWASP LLM Top 10
LLM06 - Sensitive Information Disclosure

Frequently Asked Questions

What is CVE-2024-13147?

CVE-2024-13147 is a critical SQL injection (CVSS 9.8) in Merkur Software's B2B Login Panel, exploitable by any unauthenticated remote attacker with zero interaction required — the worst-case exploitation profile. A successful attack against the login endpoint can yield full database read/write access, enabling credential theft, authentication bypass, and data manipulation across all connected ML/AI workflows that rely on this panel for access control. With 479 downstream dependents and 30 prior CVEs in the same package, this component carries a documented history of systemic input validation failures that amplifies organizational risk well beyond this single flaw. Upgrade to the January 15, 2025 release immediately; if patching cannot be immediate, deploy a WAF rule blocking SQL metacharacters on authentication endpoints and audit database logs for UNION, stacked queries, or error-based injection signatures.

Is CVE-2024-13147 actively exploited?

No confirmed active exploitation of CVE-2024-13147 has been reported, but organizations should still patch proactively.

How to fix CVE-2024-13147?

  1. Patch immediately: Upgrade to B2B Login Panel version 15.01.2025 or later.

  2. WAF rule: Block SQL metacharacters (single quote, double dash, semicolon, UNION, OR 1=1 patterns) in all login form fields at the perimeter.

  3. Database audit: Review query logs for anomalous patterns — UNION SELECT, error-based injection signatures, OR-always-true conditions — covering the exposure window prior to patching.

  4. Credential rotation: If the panel was publicly exposed before patching, rotate all credentials, API keys, and tokens stored in the connected database.

  5. Network isolation: Restrict B2B Login Panel access to known IP ranges where operationally feasible.

  6. Reference: Turkish USOM advisory TR-25-0054 (siberguvenlik.gov.tr) provides disclosure context and affected version details.

What systems are affected by CVE-2024-13147?

This vulnerability affects the following AI/ML architecture patterns: ML platform authentication layers, AI dashboard access control, Model management interfaces, Multi-tenant AI service portals.

What is the CVSS score for CVE-2024-13147?

CVE-2024-13147 has a CVSS v3.1 base score of 9.8 (CRITICAL).

What is the AI security impact?

Affected AI Architectures

  • ML platform authentication layers
  • AI dashboard access control
  • Model management interfaces
  • Multi-tenant AI service portals

MITRE ATLAS Techniques

AML.T0012 Valid Accounts
AML.T0025 Exfiltration via Cyber Means
AML.T0049 Exploit Public-Facing Application
AML.T0106 Exploitation for Credential Access

Compliance Controls Affected

EU AI Act: Article 15
ISO 42001: A.9.3
NIST AI RMF: GOVERN 1.7
OWASP LLM Top 10: LLM06

What are the technical details?

Original Advisory

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection. This issue affects B2B Login Panel: before 15.01.2025.

Exploitation Scenario

An adversary targeting an AI platform protected by Merkur Software B2B Login Panel sends a crafted HTTP POST to the login endpoint with a malicious username payload such as ' OR '1'='1' -- or UNION SELECT username,password,NULL FROM users--. The unsanitized input is embedded directly into a SQL query, returning all user records or authenticating the attacker without valid credentials. The attacker extracts stored ML platform credentials, API tokens, and user records from the database. With valid credentials, they authenticate to the AI management dashboard, gaining access to model artifacts, training data, and configuration — enabling downstream lateral movement into the AI/ML pipeline.

Weaknesses (CWE)

CWE-89 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

  • [Architecture and Design] Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. For example, consider using persistence layers such as Hibernate or Enterprise Java Beans, which can provide significant protection against SQL injection if used properly.
  • [Architecture and Design] If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated. Process SQL queries using prepared statements, parameterized queries, or stored procedures. These features should accept parameters or variables and support strong typing. Do not dynamically construct and execute query strings within these features using "exec" or similar functionality, since this may re-introduce the possibility of SQL injection. [REF-867]
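The second bullet's mitigation, shown beside the weakness it removes, as an added example that is not the advisory's or Merkur Software's code: a login lookup that concatenates the username into SQL text, next to the parameterized form, both run against a constructed in-memory SQLite table with the `' OR '1'='1' --` payload quoted in the exploitation scenario below. The table layout, user records and plain SHA-256 password hashing are assumptions made for the example.

```python
import hashlib
import sqlite3

# The authentication-bypass payload quoted in the advisory's exploitation scenario.
BYPASS_PAYLOAD = "' OR '1'='1' --"


def _digest(password: str) -> str:
    # Plain SHA-256 keeps the example short; a production system would use a
    # salted, slow KDF (scrypt/argon2). Password hashing is not the point here.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table (sample data, not from any real deployment)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)"
    )
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        conn.execute(
            "INSERT INTO users (username, password_hash) VALUES (?, ?)", (name, _digest(pw))
        )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """CWE-89 pattern: the username is pasted into the SQL text, so quote
    characters in it are parsed as SQL. Returns the matched username or None."""
    sql = (
        f"SELECT username FROM users WHERE username='{username}' "
        f"AND password_hash='{_digest(password)}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Parameterized form: the driver binds the values after the statement is
    parsed, so the payload is compared as a literal string and matches nothing."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password_hash=?",
        (username, _digest(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, payload:", login_vulnerable(conn, BYPASS_PAYLOAD, "x"))  # alice
    print("safe, payload:      ", login_safe(conn, BYPASS_PAYLOAD, "x"))  # None
```

In the vulnerable function the payload turns the WHERE clause into `username='' OR '1'='1'` and comments out the password check, so the first row is returned and the caller is logged in as that user. The parameterized version sends the same characters as a bound value, the statement's structure is fixed before the value is seen, and no row matches.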

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Published
March 5, 2025
Last Modified
June 1, 2026
First Seen
June 12, 2026

Related Vulnerabilities