CVE-2025-9953

{"id": "CVE-2025-9953", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-19T12:16:15.707", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0078", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-566"}]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.This issue affects Databank Accreditation Software: through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una vulnerabilidad de clave primaria SQL controlada por el usuario en el Software de Acreditaci\u00f3n Databank de DATABASE Software Training Consulting Ltd. permite la inyecci\u00f3n SQL. Este problema afecta al Software de Acreditaci\u00f3n Databank: hasta el 19022026.\n\nNOTA: El proveedor fue contactado temprano sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "iletisim@usom.gov.tr"}