← back
CVE-2024-1153

SQL Injection Vulnerability in Talya Informatics' Travel APPS

CVSS 4.6 MEDIUMEPSS 0.3%CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Talya Informatics · Travel APPS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0809https://www.usom.gov.tr/bildirim/tr-24-0809