CVE-2024-8259

CRITICAL

Eryaz NatraCar <09.12.2024 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-24-1881

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Eryaz Information Technologies/NatraCar B2B Dealer Management Program < 09.12.2024
Published Dec 09, 2024
Tracked Since Feb 18, 2026