CVE-2023-3616 - Vulnerability Details - OpenCVE

ReportizFlow

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Mava	Hotel Management System

Configuration 1 [-]

cpe:2.3:a:mava:hotel_management_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-23-0493

History

Fri, 27 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-09-05T17:59:11.573Z

Updated: 2024-09-27T13:29:00.965Z

Reserved: 2023-07-11T14:12:21.527Z

Link: CVE-2023-3616

Vulnrichment

Updated: 2024-08-02T07:01:56.927Z

NVD

Status : Modified

Published: 2023-09-05T18:15:11.150

Modified: 2024-11-21T08:17:40.680

Link: CVE-2023-3616

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3616", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-07-11T14:12:21.527Z", "datePublished": "2023-09-05T17:59:11.573Z", "dateUpdated": "2024-09-27T13:29:00.965Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hotel Management System", "vendor": "Mava Software", "versions": [{"lessThan": "2.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Resul Melih MACIT"}], "datePublic": "2023-09-05T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.<p>This issue affects Hotel Management System: before 2.0.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-09-05T17:59:11.573Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0493"}], "source": {"advisory": "TR-23-0493", "defect": ["TR-23-0493"], "discovery": "UNKNOWN"}, "title": "SQLi in Mava Softwares Hotel Management System", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:01:56.927Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0493"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T13:28:50.916828Z", "id": "CVE-2023-3616", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T13:29:00.965Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0493", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:01:56.927Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3616", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-27T13:28:50.916828Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T13:28:55.988Z"}}], "cna": {"title": "SQLi in Mava Softwares Hotel Management System", "source": {"defect": ["TR-23-0493"], "advisory": "TR-23-0493", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Resul Melih MACIT"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mava Software", "product": "Hotel Management System", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2023-09-05T18:00:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0493", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.<p>This issue affects Hotel Management System: before 2.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-09-05T17:59:11.573Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3616", "state": "PUBLISHED", "dateUpdated": "2024-09-27T13:29:00.965Z", "dateReserved": "2023-07-11T14:12:21.527Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-09-05T17:59:11.573Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mava:hotel_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F970B6B3-9043-4B71-B5BD-46C931DBF608", "versionEndExcluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.\n\n"}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL en Mava Software Hotel Management System que permite la inyecci\u00f3n SQL. Este problema afecta a Hotel Management System antes de la versi\u00f3n 2.0. "}], "id": "CVE-2023-3616", "lastModified": "2024-11-21T08:17:40.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-09-05T18:15:11.150", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0493"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Secondary"}]}