CVE-2023-4832

CRITICAL9.8Injection

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072 .

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Aceka / Company Management0 – 3072

References

MISChttps://www.usom.gov.tr/bildirim/tr-23-0523
MISChttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0523