Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion.

This issue affects Library Automation System: from v.19.5 before v.22.1.
Published: 2026-05-14
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Library Automation System contains an improper control of code generation flaw that allows attackers to inject and execute arbitrary PHP code via the system’s input processing. Exploiting this flaw can give the attacker full remote code execution on the server. The vulnerability is categorized as CWE‑94, a code‑injection weakness.

Affected Systems

Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System versions 19.5 through 22.0 are vulnerable. Version 22.1 and later contain the fix.

Risk and Exploitability

The CVSS score of 8.8 classifies the flaw as high severity. Although its EPSS score is not available, the absence of a currently available public exploit and its inclusion in the high‑severity band still make it a serious attack vector. The issue is not listed in the CISA KEV catalog. Attackers could reach the vulnerable input endpoints over the network, implying a remote attack vector.

Generated by OpenCVE AI on May 14, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact the vendor to obtain the latest patch or upgrade path for the Library Automation System.
  • Upgrade to Library Automation System version 22.1 or later to eliminate the code‑injection flaw.
  • Implement network segmentation and firewall rules to restrict external access to the Library Automation System, limiting opportunities for remote exploitation.



Advisories

No advisories yet.

History

Sun, 17 May 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Yordam; Yordam library Automation System |
| Vendors & Products | | Yordam; Yordam library Automation System |

Thu, 14 May 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22.1. |
| Title | | RCE in Yordam Informatics' Library Automation System |
| Weaknesses | | CWE-94 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-14T19:33:23.353Z

Reserved: 2025-12-22T07:58:38.095Z

Link: CVE-2025-15024

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-14T18:16:35.063

Modified: 2026-05-14T18:19:37.060

Link: CVE-2025-15024

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T17:09:06Z
