CVE-2024-7026

EUVD-2024-48829
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection.This issue affects Closed Circuit Vehicle Tracking Software: through 21.11.2024.


NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
teknogis_informaticsclose_circuit_vehicle_tracking_software
𝑥
≤ 21.11.2024
ADP
Common Weakness Enumeration
References
https://www.usom.gov.tr/bildirim/tr-24-1866