CVE-2023-4835

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 .

critical 9.8 CVSS 3.1

Published: Sep 15, 2023

Modified: May 21, 2026

Vendor: Petroleum Management Software Application Project

Product: Petroleum Management Software Application

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.

This issue affects Oil Management Software: before 20230912 .

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0533
https://www.usom.gov.tr/bildirim/tr-23-0533
https://www.usom.gov.tr/bildirim/tr-23-0533

CVSS Breakdown

Version	3.1
Score	9.8 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-89

Affected Product

Vendor	Petroleum Management Software Application Project
Product	Petroleum Management Software Application