Search criteria
1 vulnerability by pttemkart
CVE-2023-1267 (GCVE-0-2023-1267)
Vulnerability from cvelistv5 – Published: 2023-03-08 11:03 – Updated: 2026-06-01 11:14
VLAI
Title
SQLi in Ulkem Company's PtteM Kart
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.
This issue affects PtteM Kart: before 2.1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0133 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ulkem Company | PtteM Kart |
Affected:
0 , < 2.1
(custom)
|
Date Public
2023-03-08 11:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0133"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T18:30:57.744323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T18:31:17.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PtteM Kart",
"vendor": "Ulkem Company",
"versions": [
{
"lessThan": "2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Omer Fatih YEGIN"
}
],
"datePublic": "2023-03-08T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Ulkem Company PtteM Kart.\u003cp\u003eThis issue affects PtteM Kart: before 2.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Ulkem Company PtteM Kart.\n\nThis issue affects PtteM Kart: before 2.1."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T11:14:11.348Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0133"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software version to \u0026gt;=2.1"
}
],
"value": "Update the software version to \u003e=2.1"
}
],
"source": {
"advisory": "TR-23-0133",
"defect": [
"TR-23-0133"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-03-07T18:00:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2023-03-08T08:00:00.000Z",
"value": "Vendor informed about vulnerability"
},
{
"lang": "en",
"time": "2023-03-08T08:40:00.000Z",
"value": "Vulnerability fixed by the vendor"
},
{
"lang": "en",
"time": "2023-03-08T08:50:00.000Z",
"value": "Vulnerability fix confirmed by the TR-CERT"
},
{
"lang": "en",
"time": "2023-03-08T10:45:00.000Z",
"value": "TR-23-0133 Security Bulletin published by the TR-CERT"
},
{
"lang": "en",
"time": "2023-03-08T11:00:00.000Z",
"value": "CVE Published"
}
],
"title": "SQLi in Ulkem Company\u0027s PtteM Kart",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-1267",
"datePublished": "2023-03-08T11:03:08.543Z",
"dateReserved": "2023-03-08T08:16:20.262Z",
"dateUpdated": "2026-06-01T11:14:11.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}