CVE-2025-11251

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-11251
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0084
https://www.usom.gov.tr/bildirim/tr-26-0084 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:daynex:woyio:-:*:*:*:*:*:*:*
History

04 Jun 2026, 20:16

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de Neutralización Incorrecta de Elementos Especiales utilizados en un Comando SQL ('inyección SQL') en la Plataforma de Comercio Electrónico de Dayneks Software Industry and Trade Inc. permite inyección SQL. Este problema afecta a la Plataforma de Comercio Electrónico: hasta el 27022026. NOTA: Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió de ninguna manera.
Summary (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
  • () https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0084 -

27 Feb 2026, 17:22

Type Values Removed Values Added
CPE cpe:2.3:a:daynex:woyio:-:*:*:*:*:*:*:*
References () https://www.usom.gov.tr/bildirim/tr-26-0084 - () https://www.usom.gov.tr/bildirim/tr-26-0084 - Third Party Advisory
First Time Daynex
Daynex woyio

27 Feb 2026, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-27 12:16

Updated : 2026-06-04 20:16

NVD link : CVE-2025-11251

Mitre link : CVE-2025-11251

CVE.ORG link : CVE-2025-11251

JSON object : View

Products Affected

daynex

  • woyio
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')