CVE-2023-6191

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-0253	Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-24-0253	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:webpdks:webpdks:-:*:*:*:*:*:*:*

History

19 Mar 2025, 14:45

Type	Values Removed	Values Added
First Time		Webpdks Webpdks webpdks
References	~~() https://www.usom.gov.tr/bildirim/tr-24-0253 -~~	() https://www.usom.gov.tr/bildirim/tr-24-0253 - Third Party Advisory
CPE		cpe:2.3:a:webpdks:webpdks:-:::::::*

21 Nov 2024, 08:43

Type	Values Removed	Values Added
Summary		(es) La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Egehan Security WebPDKS permite la inyección SQL. Este problema afecta a WebPDKS: hasta 20240329. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
References	~~() https://www.usom.gov.tr/bildirim/tr-24-0253 -~~	() https://www.usom.gov.tr/bildirim/tr-24-0253 -

29 Mar 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-29 12:15

Updated : 2025-03-19 14:45

NVD link : CVE-2023-6191

Mitre link : CVE-2023-6191

CVE.ORG link : CVE-2023-6191

JSON object : View

Products Affected

webpdks

webpdks

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

9.8 /10