Serhat Yapici

**Name of the Vulnerable Software and Affected Versions** EXERT Computer Technologies Software Ltd. Co. Education Management System versions through 23.09.2025 **Description** An authorization bypass exists due to user-controlled key functionality, enabling parameter injection within the Education Management System. This allows unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DECE Software Geodi versions prior to 9.0.146 **Description** The software contains an Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability, which allows for HTTP Request Splitting. **Recommendations** Update to GEODI Setup 9.0.146 or later.

**Name of the Vulnerable Software and Affected Versions** DECE Software Geodi versions prior to 9.0.146 **Description** The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Cross-Site Scripting (XSS). This issue can potentially allow attackers to inject malicious scripts into web pages viewed by other users. **Recommendations** Update DECE Software Geodi to version 9.0.146 or later.

**Name of the Vulnerable Software and Affected Versions** CyberMath versions before CYBM.240816253 **Description** The issue affects National Keep Cyber Security Services' CyberMath, allowing external parties to access files or directories and collect data from common resource locations. **Recommendations** For versions before CYBM.240816253, upgrade the affected component immediately to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** CyberMath versions prior to CYBM.240816253 **Description** The issue is related to an Incorrect Authorization vulnerability in CyberMath, which allows accessing functionality not properly constrained by ACLs. This flaw exists in National Keep Cyber Security Services' CyberMath. **Recommendations** For versions prior to CYBM.240816253, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to functionality that is not properly constrained by ACLs until a patch is available.

Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24 Description: The issue is related to the plaintext storage of a password in Eliz Software Panel, allowing the use of known domain credentials. Recommendations: For versions prior to 2.3.24, update to version 2.3.24 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24 Description: The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special elements used in an SQL command. Recommendations: For versions prior to 2.3.24, update to version 2.3.24 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive SQL commands to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions prior to 2.3.24, update to version 2.3.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Eliz Software Panel versions prior to 2.3.24 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. **Recommendations** For versions prior to 2.3.24, update to version 2.3.24 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Eliz Software Panel versions prior to 2.3.24 **Description** The issue allows external parties to access files or directories, enabling the collection of data from common resource locations. **Recommendations** For versions prior to 2.3.24, update to version 2.3.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CyberMath versions 1.4 through 1.4 **Description** A Cross-Site Request Forgery (CSRF) issue affects CyberMath, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by tricking a user into performing an unintended action on the web application. **Recommendations** For versions 1.4, update to version 1.5 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific version.

**Name of the Vulnerable Software and Affected Versions** CyberMath versions 1.4 through 1.4 **Description** The issue allows an unrestricted upload of a file with a dangerous type, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the server. **Recommendations** For versions 1.4, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CyberMath versions 1.4 through 1.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This affects the CyberMath software. **Recommendations** For versions 1.4, update to version 1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CyberMath versions 1.4 through 1.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This affects the CyberMath software. **Recommendations** For versions 1.4, update to version 1.5 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DECE Software Geodi versions prior to 8.0.0.27396 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions prior to 8.0.0.27396, update to version 8.0.0.27396 or later to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website.

**Name of the Vulnerable Software and Affected Versions** DECE Software Geodi versions prior to 8.0.0.27396 **Description** The issue is related to an Improper Enforcement of Behavioral Workflow vulnerability, which allows for Functionality Bypass in DECE Software Geodi. **Recommendations** For versions prior to 8.0.0.27396, update to version 8.0.0.27396 or later to resolve the issue.