Description
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection.

This issue affects E-Commerce Website: before 4.5.001.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of special elements used in an SQL command allows an attacker to inject arbitrary SQL queries. This can result in unauthorized reading, modification, or deletion of database records, potentially exposing sensitive customer information and disrupting business operations. The weakness is a classic SQL injection flaw, classified as CWE-89.

Affected Systems

Akilli Commerce Software Technologies Ltd. Co. provides an E‑Commerce Website that is vulnerable in all releases prior to version 4.5.001. Only the indicated product and these versions are affected; it is not confirmed whether later releases contain a fix.

Risk and Exploitability

The CVSS score of 9.8 indicates a high severity level, and the EPSS score is not available, which neither confirms nor denies current exploitation prevalence. Based on the description, it is inferred that the vulnerability could be exploited remotely via the web interface, requiring an attacker to supply malicious input to any unauthenticated or authenticated endpoint that accepts user data. The vulnerability has no recorded KEV listing, so real‑world exploitation is not yet confirmed, but the risk remains high.

Generated by OpenCVE AI on May 12, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the E‑Commerce Website to version 4.5.001 or newer, if the vendor has released a patch addressing this issue.
  • If an immediate upgrade is not possible, restrict user access to the affected input fields, enforce strict input validation, and replace dynamic SQL with parameterized queries to mitigate the injection.
  • Perform static and dynamic application security scans to confirm that injection points have been eliminated and monitor application logs for attempts to inject malicious queries.

Advisories

No advisories yet.

History

Wed, 13 May 2026 11:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Akilli Commerce Software Technologies Ltd. Co.; Akilli Commerce Software Technologies Ltd. Co. e-commerce Website
Vendors & Products | | Akilli Commerce Software Technologies Ltd. Co.; Akilli Commerce Software Technologies Ltd. Co. e-commerce Website

Tue, 12 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 10:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001.
Title | | SQLi in Akilli Commerce's E-Commerce Website
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Akilli Commerce Software Technologies Ltd. Co. E-commerce Website
MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-12T12:22:09.578Z

Reserved: 2025-06-24T14:41:27.205Z

Link: CVE-2025-6577

Vulnrichment

Updated: 2026-05-12T12:22:03.032Z

NVD

Status: Deferred

Published: 2026-05-12T10:16:43.647

Modified: 2026-05-12T16:47:58.570

Link: CVE-2025-6577

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T10:39:08Z

Weaknesses