CVE-2023-4530 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Turnatasarim	Advertising Administration Panel

Configuration 1 [-]

cpe:2.3:a:turnatasarim:advertising_administration_panel:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0571	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-10-06T09:16:01.277Z

Updated: 2023-10-06T09:16:01.277Z

Reserved: 2023-08-25T06:26:22.321Z

Link: CVE-2023-4530

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-06T10:15:18.630

Modified: 2023-10-11T17:19:19.627

Link: CVE-2023-4530

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4530", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-08-25T06:26:22.321Z", "datePublished": "2023-10-06T09:16:01.277Z", "dateUpdated": "2023-10-06T09:16:01.277Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Advertising Administration Panel", "vendor": "Turna", "versions": [{"lessThan": "1.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Resul Melih MACIT"}], "datePublic": "2023-10-06T09:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.<p>This issue affects Advertising Administration Panel: before 1.1.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-10-06T09:16:01.277Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0571"}], "source": {"advisory": "TR-23-0571", "defect": ["TR-23-0571"], "discovery": "UNKNOWN"}, "title": "SQLi in Turna Media's Advertising Administration Panel", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}