Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.
References (2)
Core 2
Core References
Third Party Advisory government-resource
broken-link
https://www.usom.gov.tr/bildirim/tr-23-0580
Government Resource government-resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0580
Scores
CVSS v3
9.8
EPSS
0.0065
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
biltay/kayisi
< 1286
Biltay Technology/Kayisi
< 1286
Published
Oct 12, 2023
Tracked Since
Feb 18, 2026