Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.
References (2)
Core 2
Core References
Third Party Advisory government-resource
broken-link
https://www.usom.gov.tr/bildirim/tr-23-0581
Government Resource government-resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0581
Scores
CVSS v3
9.8
EPSS
0.0065
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
biltay/procost
< 1390
Biltay Technology/Procost
< 1390
Published
Oct 12, 2023
Tracked Since
Feb 18, 2026