Hüseyin Üzüm

**Name of the Vulnerable Software and Affected Versions** Sufirmam versions through 23012026 **Description** A weakness in the password recovery mechanism allows for authentication bypass and password recovery exploitation in Sufirmam. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Birebirsoft Software and Technology Solutions Sufirmam versions through 23012026 **Description** The software exhibits issues related to excessive authentication attempts and a weak password recovery mechanism. This allows for potential brute force attacks and exploitation of the password recovery process. **Recommendations** Versions through 23012026 should be updated to a newer version that addresses these authentication and password recovery weaknesses.

**Name of the Vulnerable Software and Affected Versions** Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel versions through 20251003 **Description** An issue exists in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel related to improper neutralization of special elements used in an SQL command, leading to a SQL Injection condition. This also involves an authorization bypass through user-controlled key. The vulnerability allows for SQL Injection attacks. The vulnerable component is susceptible to exploitation via crafted SQL commands. **Recommendations** Update Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel to a version beyond 20251003.

**Name of the Vulnerable Software and Affected Versions** E1 Informatics Web Application versions through 20250916 **Description** The E1 Informatics Web Application contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows attackers to perform malicious SQL commands. The vendor has not yet completed the fixing process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Case ERP versions prior to V2.0.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. There is a critical SQL Injection vulnerability discovered in the affected software. Recommendations: For versions prior to V2.0.1, update to V2.0.1 or later to patch this security flaw and prevent exploitation. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB (affected versions not specified) Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows attackers to manipulate data. The vendor's response regarding the fixing process is pending, and an update is expected when new information becomes available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Eron Software Wowwo CRM (affected versions not specified) Description: The issue is related to an SQL Injection flaw, specifically a Blind SQL Injection vulnerability, due to the improper neutralization of special elements used in an SQL command. This poses a cyber threat. The vendor's response to fix the issue remains unknown. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.