CVE-2024-6699

CRITICAL

Mikafon MA7 3.0-3.1 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1.

References (2)

Core 2
Core References
Not Applicable broken-link government-resource
https://www.usom.gov.tr/bildirim/tr-24-1105

Scores

CVSS v3 9.8
EPSS 0.0042
EPSS Percentile 33.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
mikafon/ma7_firmware 3.0 - 3.1
Mikafon Electronic Inc./Mikafon MA7 v3.0 - v3.1
Published Jul 30, 2024
Tracked Since Feb 18, 2026