CVE-2023-4541 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ween	Management Panel

Configuration 1 [-]

cpe:2.3:a:ween:management_panel:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0740	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-12-29T14:34:05.937Z

Updated: 2023-12-29T14:34:05.937Z

Reserved: 2023-08-25T13:20:21.847Z

Link: CVE-2023-4541

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-29T15:15:09.267

Modified: 2024-01-08T18:49:41.183

Link: CVE-2023-4541

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4541", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-08-25T13:20:21.847Z", "datePublished": "2023-12-29T14:34:05.937Z", "dateUpdated": "2023-12-29T14:34:05.937Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Admin Panel", "vendor": "Ween Software", "versions": [{"lessThanOrEqual": "20231229", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u00d6mer Kaan CO\u015eKUN"}], "datePublic": "2023-12-29T14:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.<p>This issue affects Admin Panel: through 20231229. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-12-29T14:34:05.937Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0740"}], "source": {"advisory": "TR-23-0740", "defect": ["TR-23-0740"], "discovery": "UNKNOWN"}, "title": "SQLi in Weens Admin Panel", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}