Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by miateknoloji

    CVE-2023-6519 (GCVE-0-2023-6519)

    Vulnerability from nvd – Published: 2024-02-08 11:50 – Updated: 2026-05-20 10:54
    VLAI
    Title
    Seeing admin password hash value in Mia Technology's Mia-Med
    Summary
    Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-488 - Exposure of Data Element to Wrong Session
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 11:50
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:13.880Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:50:24.456712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:29.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T11:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Strings Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-488",
                  "description": "CWE-488 Exposure of Data Element to Wrong Session",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:54:18.318Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Seeing admin password hash value in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6519",
        "datePublished": "2024-02-08T11:50:58.838Z",
        "dateReserved": "2023-12-05T12:01:24.080Z",
        "dateUpdated": "2026-05-20T10:54:18.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6518 (GCVE-0-2023-6518)

    Vulnerability from nvd – Published: 2024-02-08 11:46 – Updated: 2026-05-20 10:55
    VLAI
    Title
    Password Disclosure in Mia Technology's Mia-Med
    Summary
    Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 11:45
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:13.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:05.647843Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:40:49.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T11:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Strings Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256 Plaintext Storage of a Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:55:42.558Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Password Disclosure in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6518",
        "datePublished": "2024-02-08T11:46:17.475Z",
        "dateReserved": "2023-12-05T11:55:24.557Z",
        "dateUpdated": "2026-05-20T10:55:42.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6517 (GCVE-0-2023-6517)

    Vulnerability from nvd – Published: 2024-02-08 11:41 – Updated: 2026-05-20 10:56
    VLAI
    Title
    Seeing the SMS Verification Code in Mia Technology's Mia-Med
    Summary
    Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 11:40
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:40:57.964064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:50:05.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T11:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M\u0130A-MED allows Collect Data as Provided by Users.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M\u0130A-MED allows Collect Data as Provided by Users.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-569",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-569 Collect Data as Provided by Users"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-213",
                  "description": "CWE-213 Exposure of Sensitive Information Due to Incompatible Policies",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:56:42.256Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Seeing the SMS Verification Code in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6517",
        "datePublished": "2024-02-08T11:41:09.482Z",
        "dateReserved": "2023-12-05T11:43:19.123Z",
        "dateUpdated": "2026-05-20T10:56:42.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6515 (GCVE-0-2023-6515)

    Vulnerability from nvd – Published: 2024-02-08 09:43 – Updated: 2026-05-20 10:58
    VLAI
    Title
    IDOR in Mia Technology's Mia-Med
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 09:45
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:53:11.328525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:28.896Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T09:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:58:08.099Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6515",
        "datePublished": "2024-02-08T09:43:20.064Z",
        "dateReserved": "2023-12-05T09:17:35.503Z",
        "dateUpdated": "2026-05-20T10:58:08.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3760 (GCVE-0-2022-3760)

    Vulnerability from nvd – Published: 2023-03-07 08:37 – Updated: 2026-05-20 06:47
    VLAI
    Title
    SQLi in Mia-Med
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Mia-Med Affected: 0 , < 1.0.0.58 (custom)
    Create a notification for this product.
    Date Public
    2023-03-07 08:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:57.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-23-0130"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3760",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T14:47:56.995778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T14:48:20.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mia-Med",
              "vendor": "Mia Technology",
              "versions": [
                {
                  "lessThan": "1.0.0.58",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-03-07T08:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Mia Technology Mia-Med.\u003cp\u003eThis issue affects Mia-Med: before 1.0.0.58.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Mia Technology Mia-Med.\n\nThis issue affects Mia-Med: before 1.0.0.58."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T06:47:52.889Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-23-0130"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0130"
            }
          ],
          "source": {
            "advisory": "TR-23-0130",
            "defect": [
              "TR-23-0130"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "SQLi in Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2022-3760",
        "datePublished": "2023-03-07T08:37:30.992Z",
        "dateReserved": "2022-10-31T06:48:47.522Z",
        "dateUpdated": "2026-05-20T06:47:52.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6519 (GCVE-0-2023-6519)

    Vulnerability from cvelistv5 – Published: 2024-02-08 11:50 – Updated: 2026-05-20 10:54
    VLAI
    Title
    Seeing admin password hash value in Mia Technology's Mia-Med
    Summary
    Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-488 - Exposure of Data Element to Wrong Session
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 11:50
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:13.880Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:50:24.456712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:29.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T11:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Strings Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-488",
                  "description": "CWE-488 Exposure of Data Element to Wrong Session",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:54:18.318Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Seeing admin password hash value in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6519",
        "datePublished": "2024-02-08T11:50:58.838Z",
        "dateReserved": "2023-12-05T12:01:24.080Z",
        "dateUpdated": "2026-05-20T10:54:18.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6518 (GCVE-0-2023-6518)

    Vulnerability from cvelistv5 – Published: 2024-02-08 11:46 – Updated: 2026-05-20 10:55
    VLAI
    Title
    Password Disclosure in Mia Technology's Mia-Med
    Summary
    Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 11:45
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:13.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:05.647843Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:40:49.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T11:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Strings Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256 Plaintext Storage of a Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:55:42.558Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Password Disclosure in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6518",
        "datePublished": "2024-02-08T11:46:17.475Z",
        "dateReserved": "2023-12-05T11:55:24.557Z",
        "dateUpdated": "2026-05-20T10:55:42.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6517 (GCVE-0-2023-6517)

    Vulnerability from cvelistv5 – Published: 2024-02-08 11:41 – Updated: 2026-05-20 10:56
    VLAI
    Title
    Seeing the SMS Verification Code in Mia Technology's Mia-Med
    Summary
    Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 11:40
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:40:57.964064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:50:05.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T11:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M\u0130A-MED allows Collect Data as Provided by Users.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M\u0130A-MED allows Collect Data as Provided by Users.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-569",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-569 Collect Data as Provided by Users"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-213",
                  "description": "CWE-213 Exposure of Sensitive Information Due to Incompatible Policies",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:56:42.256Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Seeing the SMS Verification Code in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6517",
        "datePublished": "2024-02-08T11:41:09.482Z",
        "dateReserved": "2023-12-05T11:43:19.123Z",
        "dateUpdated": "2026-05-20T10:56:42.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6515 (GCVE-0-2023-6515)

    Vulnerability from cvelistv5 – Published: 2024-02-08 09:43 – Updated: 2026-05-20 10:58
    VLAI
    Title
    IDOR in Mia Technology's Mia-Med
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Inc. MİA-MED Affected: 0 , < 1.0.7 (custom)
    Create a notification for this product.
    Date Public
    2024-02-08 09:45
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T17:53:11.328525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:28.896Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "M\u0130A-MED",
              "vendor": "Mia Technology Inc.",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2024-02-08T09:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.\u003cp\u003eThis issue affects M\u0130A-MED: before 1.0.7.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.\n\nThis issue affects M\u0130A-MED: before 1.0.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:58:08.099Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0087"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0087"
            }
          ],
          "source": {
            "advisory": "TR-24-0087",
            "defect": [
              "TR-24-0087"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Mia Technology\u0027s Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2023-6515",
        "datePublished": "2024-02-08T09:43:20.064Z",
        "dateReserved": "2023-12-05T09:17:35.503Z",
        "dateUpdated": "2026-05-20T10:58:08.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3760 (GCVE-0-2022-3760)

    Vulnerability from cvelistv5 – Published: 2023-03-07 08:37 – Updated: 2026-05-20 06:47
    VLAI
    Title
    SQLi in Mia-Med
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mia Technology Mia-Med Affected: 0 , < 1.0.0.58 (custom)
    Create a notification for this product.
    Date Public
    2023-03-07 08:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:57.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-23-0130"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3760",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T14:47:56.995778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T14:48:20.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mia-Med",
              "vendor": "Mia Technology",
              "versions": [
                {
                  "lessThan": "1.0.0.58",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-03-07T08:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Mia Technology Mia-Med.\u003cp\u003eThis issue affects Mia-Med: before 1.0.0.58.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Mia Technology Mia-Med.\n\nThis issue affects Mia-Med: before 1.0.0.58."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T06:47:52.889Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-23-0130"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0130"
            }
          ],
          "source": {
            "advisory": "TR-23-0130",
            "defect": [
              "TR-23-0130"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "SQLi in Mia-Med",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2022-3760",
        "datePublished": "2023-03-07T08:37:30.992Z",
        "dateReserved": "2022-10-31T06:48:47.522Z",
        "dateUpdated": "2026-05-20T06:47:52.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }