CVE-2023-35068 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bma	Personnel Tracking System

Configuration 1 [-]

cpe:2.3:a:bma:personnel_tracking_system:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0491	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-09-05T17:18:11.280Z

Updated: 2023-09-05T17:18:11.280Z

Reserved: 2023-06-12T19:32:44.799Z

Link: CVE-2023-35068

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-05T18:15:10.327

Modified: 2023-09-11T18:33:00.077

Link: CVE-2023-35068

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-35068", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-06-12T19:32:44.799Z", "datePublished": "2023-09-05T17:18:11.280Z", "dateUpdated": "2023-09-05T17:18:11.280Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Personnel Tracking System", "vendor": "BMA", "versions": [{"lessThan": "20230904", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gokhan UYGAN"}], "datePublic": "2023-09-05T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.<p>This issue affects Personnel Tracking System: before 20230904.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-09-05T17:18:11.280Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0491"}], "source": {"advisory": "TR-23-0491", "defect": ["TR-23-0491"], "discovery": "UNKNOWN"}, "title": "SQLi in BMAs Personnel Tracking System", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}