CVE-2024-1153

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.

medium 4.6 CVSS 3.1

Published: Jun 27, 2024

Modified: Jun 3, 2026

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Travel APPS: before v17.0.68.

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0809
https://www.usom.gov.tr/bildirim/tr-24-0809
https://www.usom.gov.tr/bildirim/tr-24-0809

Related CVEs

CVSS Breakdown

Version	3.1
Score	4.6 / 10
Severity	medium

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness (CWE)

CWE-89

Affected Product

Vendor	Talyabilisim
Product	Travel Apps