{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-2851","assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","state":"PUBLISHED","assignerShortName":"TR-CERT","dateReserved":"2023-05-23T18:25:17.566Z","datePublished":"2023-05-25T13:37:23.200Z","dateUpdated":"2026-05-22T10:59:02.089Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT","dateUpdated":"2026-05-22T10:59:02.089Z"},"title":"SQLi in Ceppatron","datePublic":"2023-05-25T13:30:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-108","descriptions":[{"lang":"en","value":"CAPEC-108 Command Line Execution through SQL Injection"}]},{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"affected":[{"vendor":"AGT Tech","product":"Ceppatron","versions":[{"status":"affected","version":"0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.\n\nThis issue affects all versions of the software also EOS when CVE-ID assigned.","supportingMedia":[{"type":"text/html","base64":false,"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.<p>This issue affects all versions of the software also EOS when CVE-ID 
assigned.</p>"}]}],"tags":["unsupported-when-assigned"],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-23-0294","tags":["government-resource","broken-link"]},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0294","tags":["government-resource"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"The software is End-of-Support. It is recommended not to use Ceppatron.","supportingMedia":[{"type":"text/html","base64":false,"value":"The software is End-of-Support. It is recommended not to use Ceppatron."}]}],"credits":[{"lang":"en","value":"Omer Fatih YEGIN","user":"00000000-0000-4000-9000-000000000000","type":"finder"}],"source":{"defect":["TR-23-0294"],"advisory":"TR-23-0294","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-2851","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-20T20:05:51.832558Z"}}}],"affected":[{"cpes":["cpe:2.3:a:agtteknik:ceppatron:-:*:*:*:*:*:*:*"],"vendor":"agtteknik","product":"ceppatron","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:16:51.736Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:33:05.700Z"},"title":"CVE Program 
Container","references":[{"tags":["government-resource","x_transferred"],"url":"https://www.usom.gov.tr/bildirim/tr-23-0294"}]}]}}