📄 Description (English)
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.
🤖 AI Executive Summary
Web Ofisi Firma v13 contains a critical unauthenticated SQL injection vulnerability in the 'oz' array parameter that allows attackers to extract sensitive database information through time-based blind SQL injection. The vulnerability affects category pages accessible via GET requests and poses significant risk to organizations using this software for business operations. With publicly available exploits and patches available, immediate patching is essential to prevent unauthorized data access and potential system compromise.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 25, 2026 06:37
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using Web Ofisi Firma v13, particularly in government agencies, municipalities, and private sector companies relying on this software for business operations and customer data management. Government entities under NCA oversight and organizations handling sensitive citizen data are at highest risk. The unauthenticated nature of the attack means any internet-facing instance is vulnerable without requiring valid credentials. Financial institutions and healthcare providers using this platform for customer portals face potential data breach exposure affecting SAMA compliance and patient privacy regulations.
🏢 Affected Saudi Sectors
Government and Public Administration
Banking and Financial Services
Healthcare and Medical Services
Telecommunications
Energy and Utilities
Education
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.5
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Web Ofisi Firma v13 in your environment using network scanning and asset inventory tools
2. Isolate or restrict internet access to affected systems immediately if patching cannot be completed within 24 hours
3. Review database access logs for suspicious SQL patterns and time-based query anomalies
4. Check for indicators of compromise: unusual database queries, exported data, or modified database records
PATCHING GUIDANCE:
1. Apply the latest security patch from Web Ofisi vendor immediately
2. Test patches in non-production environment first
3. Implement change management procedures for production deployment
4. Verify patch effectiveness by attempting exploitation in controlled environment
COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement Web Application Firewall (WAF) rules to block requests containing SQL injection patterns in 'oz' parameter
2. Deploy input validation rules: reject 'oz[]' parameters containing SQL keywords (UNION, SELECT, WHERE, etc.)
3. Enable database query logging and real-time alerting for suspicious SQL patterns
4. Restrict database user permissions to minimum required privileges
5. Implement rate limiting on category page requests
DETECTION RULES:
1. Monitor for GET requests to category pages with 'oz[]' parameters containing: UNION, SELECT, SLEEP(), BENCHMARK(), WAITFOR
2. Alert on database queries with unusual execution times (>5 seconds) from application user
3. Monitor for multiple failed database connection attempts or authentication errors
4. Track data exfiltration patterns: large result sets or unusual database queries
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ Web Ofisi Firma v13 في بيئتك باستخدام أدوات المسح والمخزون
2. عزل أو تقييد الوصول إلى الإنترنت للأنظمة المتأثرة فوراً إذا لم يكن التصحيح ممكناً خلال 24 ساعة
3. مراجعة سجلات الوصول إلى قاعدة البيانات للأنماط المريبة والاستعلامات غير العادية
4. التحقق من مؤشرات الاختراق: استعلامات قاعدة البيانات غير العادية أو البيانات المُصدَّرة
إرشادات التصحيح:
1. تطبيق أحدث تصحيح أمان من بائع Web Ofisi فوراً
2. اختبار التصحيحات في بيئة غير الإنتاج أولاً
3. تنفيذ إجراءات إدارة التغيير لنشر الإنتاج
4. التحقق من فعالية التصحيح بمحاولة الاستغلال في بيئة محكومة
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تنفيذ قواعد جدار حماية تطبيقات الويب لحجب الطلبات التي تحتوي على أنماط حقن SQL
2. نشر قواعد التحقق من الإدخال: رفض معاملات 'oz[]' التي تحتوي على كلمات SQL
3. تفعيل تسجيل استعلامات قاعدة البيانات والتنبيهات في الوقت الفعلي
4. تقييد أذونات مستخدم قاعدة البيانات للحد الأدنى المطلوب
5. تنفيذ تحديد معدل الطلبات على صفحات الفئات
قواعد الكشف:
1. مراقبة طلبات GET إلى صفحات الفئات مع معاملات 'oz[]' تحتوي على: UNION, SELECT, SLEEP()
2. التنبيه على استعلامات قاعدة البيانات ذات أوقات التنفيذ غير العادية
3. مراقبة محاولات الاتصال الفاشلة المتعددة بقاعدة البيانات
4. تتبع أنماط تسرب البيانات والاستعلامات غير العادية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.14.2.1 - Secure development policy and procedures
A.14.2.5 - Secure development environment
A.12.6.1 - Management of technical vulnerabilities
A.12.2.1 - Monitoring and logging of access to information
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.AC-1 - Access control and authentication
DE.CM-1 - Detection and monitoring of anomalous activity
RS.MI-1 - Incident response and mitigation
🟡 ISO 27001:2022
A.12.2.1 - Information and other related assets
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.14.2.5 - Secure development environment
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 6.5.1 - Injection flaws prevention
Requirement 10.2 - Logging and monitoring
🔗 References & Sources 3
🔗
https://www.exploit-db.com/exploits/47145
disclosure@vulncheck.com
Exploit
VDB Entry
🔗
https://www.vulncheck.com/advisories/web-ofisi-firma-sql-injection-via-oz-parameter
disclosure@vulncheck.com
Broken Link
🔗
https://www.web-ofisi.com/detay/kurumsal-firma-v13-sinirsiz-dil.html
disclosure@vulncheck.com
Product
📦 Affected Products / CPE 1 entries
web-ofisi:firma:13.0.0