Urgent: SQL Injection Vulnerability Discovered in Fayton.Pro ERP Software
A serious vulnerability has been detected in Fayton Software’s fayton.Pro ERP system, which is used for managing various business operations. This flaw is identified as CVE-2024-13150. If left unaddressed, cyber attackers could exploit this vulnerability to gain access to your data or manipulate your systems.
Who is at Risk?
If you use the fayton.Pro ERP software, you could be at risk. This includes:
- Small to medium-sized businesses that rely on fayton.Pro ERP for their operations.
- Any organization that has not updated their fayton.Pro ERP software before September 2025.
- Individuals handling sensitive information through the software.
What Could Happen?
Exploiting this SQL injection flaw means attackers might be able to:
- Retrieve sensitive customer or company data.
- Modify or delete important information, disrupting business operations.
- Potentially use the compromised data for further attacks.
How to Stay Safe
Acting swiftly is crucial! Since the manufacturer has not yet provided a fix, here are some immediate steps you can take to protect yourself:
- Switch to Alternative Solutions: The National Cyber Incident Response Center (USOM) recommends using equivalent software until a fix is available.
- Monitor Your Systems: Keep a close eye on any unusual activity in your ERP system. Look for unexpected changes or missing data to catch issues early.
- Stay Informed: Regularly check for any updates or patches from Fayton Software.
Taking these precautions now will help safeguard your business against potential threats.
📖 Learn more: CVE-2024-13150 Details | USOM Notification









