CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2023-4541

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile6.23th
Published2023年12月29日
Last Modified2026年5月21日

Vulnerability Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Platforms (CPE)

📦
Ween

Management Panel

<= 20231229

References & Advisories

🔗 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0740
🔗 https://www.usom.gov.tr/bildirim/tr-23-0740
🔗 https://www.usom.gov.tr/bildirim/tr-23-0740

相關漏洞威脅

CVE-2019-111969.8

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthen...

CVE-2017-171109.8

Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

CVE-2018-171109.8

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, a...

CVE-2019-184189.8

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because ther...