Description
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection.

This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
Published: 2026-06-09
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CBS Platform contains an SQL injection flaw caused by improper neutralization of special elements in SQL commands. Attackers who can supply crafted input may manipulate the database, leading to unauthorized data disclosure, modification, or in some configurations to remote code execution. The vulnerability is a classic example of CWE‑89 and can be used to compromise sensitive data or the underlying system.

Affected Systems

MOSK Information Technologies Ltd. CBS Platform, versions up to and including 09062026. The vendor has indicated the product is no longer supported, and no official patch is available.

Risk and Exploitability

The CVSS score of 9.8 signals a severe flaw, while the EPSS score is not available, leaving the likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is via exposed web interfaces or other entry points where user input is passed directly to the database. The lack of vendor support and high severity mean that organizations using this platform face a significant risk requiring prompt remediation.

Generated by OpenCVE AI on June 9, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Isolate the CBS Platform on a separate network segment and restrict inbound access to a limited set of trusted IPs or internal management networks.
  • Reduce the database account privileges used by the platform to the minimum necessary, ensuring it cannot perform DROP, ALTER, or EXECUTE operations on critical tables.
  • Replace the unsupported platform with a supported, actively maintained system, or if immediate replacement is infeasible, implement custom input validation that sanitizes SQL special characters before they reach the database layer.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mosk; Mosk cbs Platform
Vendors & Products | | Mosk; Mosk cbs Platform

Tue, 09 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
Title | | SQLi in MOSK Informatics' CBS Platform
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-09T15:37:35.064Z

Reserved: 2026-05-06T07:16:33.818Z

Link: CVE-2026-8025

Vulnrichment

Updated: 2026-06-09T15:37:31.022Z

NVD

Status: Deferred

Published: 2026-06-09T16:16:44.320

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-8025

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:33Z

Weaknesses