CyberSec.Space Logo
Back to CVE Browser

CVE-2023-4541

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile6.23th
PublishedDec 29, 2023
Last ModifiedMay 21, 2026

Vulnerability Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Platforms (CPE)

📦
Ween

Management Panel

<= 20231229

References & Advisories

🔗 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0740
🔗 https://www.usom.gov.tr/bildirim/tr-23-0740
🔗 https://www.usom.gov.tr/bildirim/tr-23-0740

Related Vulnerabilities

CVE-2019-111969.8

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthen...

CVE-2017-171109.8

Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

CVE-2018-171109.8

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, a...

CVE-2019-184189.8

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because ther...