CVE-2026-6008

MEDIUM

IDOR in Im Park's DijiDemi

Title source: cna

Description

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0.

References (1)

Core 1

Core References

Government Resource government-resource

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0239

Scores

CVSS v3 6.8

EPSS 0.0022

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-639

Status published

Products (1)

Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co./DijiDemi v4.5.12.1 - v4.5.13.0

Published May 14, 2026

Tracked Since May 14, 2026