CVE-2023-1091

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01.

critical 9.8 CVSS 3.1

Published: Mar 10, 2023

Modified: Jun 1, 2026

Product: Licensed Warehousing Automation System

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection.

This issue affects Licensed Warehousing Automation System: through 2023.1.01.

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0139
https://www.usom.gov.tr/bildirim/tr-23-0139
https://www.usom.gov.tr/bildirim/tr-23-0139

CVSS Breakdown

Version	3.1
Score	9.8 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-89

Affected Product

Vendor	Alpatateknoloji
Product	Licensed Warehousing Automation System