Impact
The vulnerability is an unvalidated SQL injection flaw that allows attackers to inject arbitrary SQL commands into the Destekz application. If leveraged, an attacker could read, modify, delete or exfiltrate data stored in the backend database, potentially leading to nondisclosure, alteration, or loss of sensitive information. The weakness is identified as CWE-89. The impact is limited to the data the attacker gains access to, but the lack of input validation means complete control over the database is possible.
Affected Systems
Raera – Ankara Web Design and Digital Advertising Agency’s Destekz application is affected. The vulnerability applies to all releases up to and including version dated 02062026. No newer supported versions exist, as the product is no longer maintained by the vendor.
Risk and Exploitability
The CVSS score of 9.8 denotes a critical severity level. The EPSS score is not available, which does not indicate a low risk; absence of data means the exploitation probability remains unknown. The vulnerability is not listed in the CISA KEV catalog. Attackers can potentially exploit the flaw through the web interface that accepts unsanitized user input. Given the product is unsupported, no patch or official fix exists, elevating the risk substantially.
OpenCVE Enrichment