CVE-2024-8259
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.
This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024.
NOTE: The vendor was contacted and it was learned that the product is not supported.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eryaz Information Technologies | NatraCar B2B Dealer Management Program | 0 <= 09.12.2024 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.usom.gov.tr/bildirim/tr-24-1881
- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1881
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.