PT-2009-1467 · Jetik · Jetik Emlak Sistem A

Zorlu · Published 2009-01-28 · Updated 2017-09-29 · CVE-2008-5992

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Jetik Emlak Sistem A (ESA) version 2.0

Description

The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the KayitNo parameter to API endpoints such as "diger.php" and "sayfalar.php".

Recommendations

For Jetik Emlak Sistem A (ESA) version 2.0, consider restricting access to the diger.php and sayfalar.php endpoints until a patch is available. Avoid using the KayitNo parameter in these endpoints to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2008-5992

Affected Products

Jetik Emlak Sistem A