{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-1547","assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","state":"PUBLISHED","assignerShortName":"TR-CERT","dateReserved":"2023-03-21T10:09:35.583Z","datePublished":"2023-07-13T07:42:44.365Z","dateUpdated":"2026-06-01T10:42:36.932Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT","dateUpdated":"2026-06-01T10:42:36.932Z"},"title":"SQLi in Elra Computers Parkmatik","datePublic":"2023-07-13T08:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-110","descriptions":[{"lang":"en","value":"CAPEC-110 SQL Injection through SOAP Parameter Tampering"}]},{"capecId":"CAPEC-108","descriptions":[{"lang":"en","value":"CAPEC-108 Command Line Execution through SQL Injection"}]}],"affected":[{"vendor":"Elra","product":"Parkmatik","versions":[{"status":"affected","version":"0","lessThan":"02.01-a51","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.\n\nThis issue affects Parkmatik: before 02.01-a51.","supportingMedia":[{"type":"text/html","base64":false,"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.<p>This issue affects Parkmatik: before 02.01-a51.</p>"}]}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-23-0404","tags":["government-resource","broken-link"]},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0404","tags":["government-resource"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"credits":[{"lang":"en","value":"Resul Melih MACIT","user":"00000000-0000-4000-9000-000000000000","type":"finder"}],"source":{"defect":["TR-23-0404"],"advisory":"TR-23-0404","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:49:11.665Z"},"title":"CVE Program Container","references":[{"tags":["government-resource","x_transferred"],"url":"https://www.usom.gov.tr/bildirim/tr-23-0404"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-30T16:07:28.542857Z","id":"CVE-2023-1547","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-30T16:07:39.790Z"}}]}}