{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2851", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-05-23T18:25:17.566Z", "datePublished": "2023-05-25T13:37:23.200Z", "dateUpdated": "2024-08-02T06:33:05.700Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Ceppatron", "vendor": "AGT Tech", "versions": [{"status": "affected", "version": "0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Omer Fatih YEGIN"}], "datePublic": "2023-05-25T13:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.<p>This issue affects all versions of the sofware also EOS when CVE-ID assigned.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.\n\n"}], "impacts": [{"capecId": "CAPEC-108", "descriptions": [{"lang": "en", "value": "CAPEC-108 Command Line Execution through SQL Injection"}]}, {"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-07-26T09:05:07.059Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0294"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The software is End-of-Support. \u0131t is recommended not to use Ceppatron."}], "value": "The software is End-of-Support. \u0131t is recommended not to use Ceppatron."}], "source": {"advisory": "TR-23-0294", "defect": ["TR-23-0294"], "discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "SQLi in Ceppatron", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T20:05:51.832558Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:agtteknik:ceppatron:-:*:*:*:*:*:*:*"], "vendor": "agtteknik", "product": "ceppatron", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:16:51.736Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.700Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0294"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0294", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.700Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T20:05:51.832558Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:agtteknik:ceppatron:-:*:*:*:*:*:*:*"], "vendor": "agtteknik", "product": "ceppatron", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-20T20:06:39.247Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"tags": ["unsupported-when-assigned"], "title": "SQLi in Ceppatron", "source": {"defect": ["TR-23-0294"], "advisory": "TR-23-0294", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Omer Fatih YEGIN"}], "impacts": [{"capecId": "CAPEC-108", "descriptions": [{"lang": "en", "value": "CAPEC-108 Command Line Execution through SQL Injection"}]}, {"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AGT Tech", "product": "Ceppatron", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The software is End-of-Support. \u0131t is recommended not to use Ceppatron.", "supportingMedia": [{"type": "text/html", "value": "The software is End-of-Support. \u0131t is recommended not to use Ceppatron.", "base64": false}]}], "datePublic": "2023-05-25T13:30:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0294", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.<p>This issue affects all versions of the sofware also EOS when CVE-ID assigned.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-07-26T09:05:07.059Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2851", "state": "PUBLISHED", "dateUpdated": "2024-08-02T06:33:05.700Z", "dateReserved": "2023-05-23T18:25:17.566Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-05-25T13:37:23.200Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agtteknik:ceppatron:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C6AD692-9F59-4038-8542-2D041ACDB019", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "iletisim@usom.gov.tr", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.\n\n"}], "id": "CVE-2023-2851", "lastModified": "2024-11-21T07:59:25.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-05-25T14:15:10.557", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0294"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}

{}