CVE-2024-1100

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0589
https://www.usom.gov.tr/bildirim/tr-24-0589
https://www.usom.gov.tr/bildirim/tr-24-0589

Configurations

No configuration.

History

03 Jun 2026, 16:16

Type	Values Removed	Values Added
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through 2.23.5.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5.
References		() https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0589 -

21 Nov 2024, 08:49

Type	Values Removed	Values Added
References	~~() https://www.usom.gov.tr/bildirim/tr-24-0589 -~~	() https://www.usom.gov.tr/bildirim/tr-24-0589 -

03 Jul 2024, 01:44

Type	Values Removed	Values Added
Summary		(es) Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Vadi Corporate Information Systems DIGIKENT GIS permite la inyección SQL. Este problema afecta a DIGIKENT GIS: hasta 2.23.5.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

30 May 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-30 12:15

Updated : 2026-06-03 16:16

NVD link : CVE-2024-1100

Mitre link : CVE-2024-1100

CVE.ORG link : CVE-2024-1100

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-1100", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-05-30T12:15:10.340", "references": [{"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0589", "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-24-0589", "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-24-0589", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.\n\nThis issue affects DIGIKENT GIS: through 2.23.5."}, {"lang": "es", "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Vadi Corporate Information Systems DIGIKENT GIS permite la inyecci\u00f3n SQL. Este problema afecta a DIGIKENT GIS: hasta 2.23.5."}], "lastModified": "2026-06-03T16:16:20.020", "sourceIdentifier": "iletisim@usom.gov.tr"}