CVE-2023-4671

CRITICAL

Talent Software ECOP < 32255 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255.

References (2)

Core 2
Core References
Third Party Advisory government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-23-0737

Scores

CVSS v3 9.8
EPSS 0.0065
EPSS Percentile 46.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
Talent Software/ECOP < 32255
talentyazilim/ecop 32255
Published Dec 28, 2023
Tracked Since Feb 18, 2026