CVE-2024-1153

MEDIUM

Talya Informatics Travel APPS <v17.0.68 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.

References (2)

Core 2
Core References
Broken Link government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-24-0809

Scores

CVSS v3 4.6
EPSS 0.0029
EPSS Percentile 20.6%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Talya Informatics/Travel APPS < v17.0.68
talyabilisim/travel_apps < 17.0.68
Published Jun 27, 2024
Tracked Since Feb 18, 2026