CVE-2024-4658 | THREATINT

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0.

PUBLISHED Reserved 2024-05-08 | Published 2024-10-10 | Updated 2026-06-03 | Assigner TR-CERT

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

Any version before 5.0

affected

Credits

Ali Kaan BASHAN finder

References

www.usom.gov.tr/bildirim/tr-24-1661 government-resource broken-link

siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1661 government-resource

cve.org (CVE-2024-4658)

nvd.nist.gov (CVE-2024-4658)

Download JSON