Pınar Taşğin

Name of the Vulnerable Software and Affected Versions: Mavi Yeşil Software Guest Tracking Software (affected versions not specified) Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This allows for SQL Injection attacks. The vendor has not yet informed about the completion of the fixing process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Semtek Sempos versions through 31072024 **Description** The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which affects Semtek Sempos. This vulnerability is due to the improper neutralization of special elements used in an SQL command. **Recommendations** For Semtek Sempos versions through 31072024, consider disabling any functionality that allows user input to be executed as SQL commands until a patch is available. Restrict access to sensitive data and modules to minimize the risk of exploitation. Avoid using user-supplied input in SQL queries to prevent injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Semtek Sempos versions through 31072024 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This problem allows for Reflected XSS in Semtek Sempos. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions through 31072024, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Semtek Sempos versions through 31072024 **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows unauthorized database access. **Recommendations** Update to version 31072024 to patch the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation. Avoid using user-input data in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NACPremium versions through 01082024 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the fact that it is a Stored XSS vulnerability, which means that an attacker can inject malicious code into a website, and this code will be stored on the server. When other users access the website, the malicious code will be executed. **Recommendations** For versions through 01082024, upgrade to a supported version as soon as possible if available. As a temporary workaround, consider monitoring for signs of exploit and applying any available patches. Restrict access to vulnerable components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NACPremium versions through 01082024 **Description** A Cleartext Storage of Sensitive Information issue exists in NAC Telecommunication Systems Inc. NACPremium, allowing the retrieval of embedded sensitive data. **Recommendations** For NACPremium versions through 01082024, upgrade to a supported version as soon as possible to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** NACPremium versions through 01082024 **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for Blind SQL Injection, which can potentially compromise data. The estimated number of affected devices is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of SQL commands, but specific API endpoints, vulnerable parameters, or function names are not mentioned. **Recommendations** For NACPremium versions through 01082024, update to a supported version immediately to reduce exposure and prevent data compromise. As a temporary workaround, consider restricting access to sensitive data until a patch is available. Prioritize upgrading to prevent potential cyber attacks. At the moment, there is no information about a specific newer version that contains a fix for this vulnerability, but upgrading to a supported version is recommended.