Search criteria
1 vulnerability by Mydata Informatics
CVE-2025-2812 (GCVE-0-2025-2812)
Vulnerability from cvelistv5 – Published: 2025-05-02 08:24 – Updated: 2025-05-28 18:05
VLAI?
Title
SQLi in Mydata Informatics' Ticket Sales Automation
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mydata Informatics | Ticket Sales Automation |
Affected:
0 , < 03.04.2025 (DD.MM.YYYY)
(custom)
|
Credits
Hasan Yasin YASAR
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T18:04:40.114194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T18:05:49.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ticket Sales Automation",
"vendor": "Mydata Informatics",
"versions": [
{
"lessThan": "03.04.2025 (DD.MM.YYYY)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hasan Yasin YASAR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.\u003cp\u003eThis issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY)."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T14:45:44.734Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0099"
},
{
"tags": [
"technical-description"
],
"url": "https://github.com/sahici/CVE-2025-2812/"
}
],
"source": {
"advisory": "TR-25-0099",
"defect": [
"TR-25-0099"
],
"discovery": "EXTERNAL"
},
"title": "SQLi in Mydata Informatics\u0027 Ticket Sales Automation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-2812",
"datePublished": "2025-05-02T08:24:39.851Z",
"dateReserved": "2025-03-26T12:22:29.323Z",
"dateUpdated": "2025-05-28T18:05:49.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}