CVE-2023-4674 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Yaztekteknoloji	E-commerce

Configuration 1 [-]

cpe:2.3:a:yaztekteknoloji:e-commerce:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0741	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-12-29T14:38:40.026Z

Updated: 2023-12-29T14:38:40.026Z

Reserved: 2023-08-31T14:35:14.365Z

Link: CVE-2023-4674

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-29T15:15:09.497

Modified: 2024-01-08T17:16:09.257

Link: CVE-2023-4674

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4674", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-08-31T14:35:14.365Z", "datePublished": "2023-12-29T14:38:40.026Z", "dateUpdated": "2023-12-29T14:38:40.026Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "E-Commerce Software", "vendor": "Yaztek Software Technologies and Computer Systems", "versions": [{"lessThanOrEqual": "20231229", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Resul Melih MAC\u0130T"}], "datePublic": "2023-11-29T14:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.<p>This issue affects E-Commerce Software: through 20231229. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-12-29T14:38:40.026Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0741"}], "source": {"advisory": "TR-23-0741", "defect": ["TR-23-0741"], "discovery": "UNKNOWN"}, "title": "SQLi in Yazteks E-Commerce Software", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}