
Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection. This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7.

PUBLISHED Reserved 2025-09-14 | Published 2025-09-17 | Updated 2025-09-17 | Assigner TR-CERT




CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status: unaffected

21.5 & 21.6 (custom) before 21.7: affected

Credits

Muhammet Talha ODABAŞI finder

Sarp Dora YÖNDEN finder

Abdurrahman Emre ÖZKÖK coordinator

References

www.usom.gov.tr/bildirim/tr-25-0268

cve.org (CVE-2025-10439)

nvd.nist.gov (CVE-2025-10439)
