Search criteria
11 vulnerabilities by utarit
CVE-2025-7358 (GCVE-0-2025-7358)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:47 – Updated: 2025-12-18 15:25
VLAI?
Title
Use of Hard-coded Credentials in Utarit Informatics' SoliClub
Summary
Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Informatics Services Inc. | SoliClub |
Affected:
0 , < 5.3.7
(custom)
|
Credits
Samet ALKIŞ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:25:32.648808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:25:51.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Informatics Services Inc.",
"versions": [
{
"lessThan": "5.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Samet ALKI\u015e"
}
],
"datePublic": "2025-12-18T14:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.\u003cp\u003eThis issue affects SoliClub: before 5.3.7.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:47:50.294Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
}
],
"source": {
"advisory": "TR-25-0466",
"defect": [
"TR-25-0466"
],
"discovery": "UNKNOWN"
},
"title": "Use of Hard-coded Credentials in Utarit Informatics\u0027 SoliClub",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7358",
"datePublished": "2025-12-18T14:47:50.294Z",
"dateReserved": "2025-07-08T14:40:19.419Z",
"dateUpdated": "2025-12-18T15:25:51.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7047 (GCVE-0-2025-7047)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:43 – Updated: 2025-12-18 15:27
VLAI?
Title
Missing Authorization in Utarit Informatics' SoliClub
Summary
Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Informatics Services Inc. | SoliClub |
Affected:
0 , < 5.3.7
(custom)
|
Credits
Samet ALKIŞ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:26:51.223704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:27:16.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Informatics Services Inc.",
"versions": [
{
"lessThan": "5.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Samet ALKI\u015e"
}
],
"datePublic": "2025-12-18T14:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.\u003cp\u003eThis issue affects SoliClub: before 5.3.7.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:43:44.182Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
}
],
"source": {
"advisory": "TR-25-0466",
"defect": [
"TR-25-0466"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authorization in Utarit Informatics\u0027 SoliClub",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7047",
"datePublished": "2025-12-18T14:43:44.182Z",
"dateReserved": "2025-07-03T13:12:39.422Z",
"dateUpdated": "2025-12-18T15:27:16.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1031 (GCVE-0-2025-1031)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:27 – Updated: 2025-12-18 15:32
VLAI?
Title
IDOR in Utarit Informatics' SoliClub
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7.
Severity ?
7.5 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Informatics Services Inc. | SoliClub |
Affected:
5.2.4 , < 5.3.7
(custom)
|
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:30:54.531916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:32:40.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Informatics Services Inc.",
"versions": [
{
"lessThan": "5.3.7",
"status": "affected",
"version": "5.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"datePublic": "2025-12-18T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:27:24.041Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
}
],
"source": {
"advisory": "TR-25-0466",
"defect": [
"TR-25-0466"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Utarit Informatics\u0027 SoliClub",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-1031",
"datePublished": "2025-12-18T14:27:24.041Z",
"dateReserved": "2025-02-04T14:41:56.782Z",
"dateUpdated": "2025-12-18T15:32:40.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1030 (GCVE-0-2025-1030)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:22 – Updated: 2025-12-18 15:32
VLAI?
Title
Sensitive Data Exposure in Utarit Informatics' SoliClub
Summary
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7.
Severity ?
7.5 (High)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Informatics Services Inc. | SoliClub |
Affected:
5.2.4 , < 5.3.7
(custom)
|
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:30:57.091594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:32:52.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Informatics Services Inc.",
"versions": [
{
"lessThan": "5.3.7",
"status": "affected",
"version": "5.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"datePublic": "2025-12-18T14:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
}
],
"value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:22:54.530Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
}
],
"source": {
"advisory": "TR-25-0466",
"defect": [
"TR-25-0466"
],
"discovery": "UNKNOWN"
},
"title": "Sensitive Data Exposure in Utarit Informatics\u0027 SoliClub",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-1030",
"datePublished": "2025-12-18T14:22:54.530Z",
"dateReserved": "2025-02-04T14:41:48.421Z",
"dateUpdated": "2025-12-18T15:32:52.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1029 (GCVE-0-2025-1029)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:16 – Updated: 2025-12-18 15:33
VLAI?
Title
Hardcoded Credentials in Utarit Informatics' SoliClub
Summary
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information Services Inc. | SoliClub |
Affected:
5.2.4 , < 5.3.7
(custom)
|
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:30:59.536160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:33:10.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Information Services Inc.",
"versions": [
{
"lessThan": "5.3.7",
"status": "affected",
"version": "5.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"datePublic": "2025-12-18T14:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:16:22.136Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
}
],
"source": {
"advisory": "TR-25-0466",
"defect": [
"TR-25-0466"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Credentials in Utarit Informatics\u0027 SoliClub",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-1029",
"datePublished": "2025-12-18T14:16:22.136Z",
"dateReserved": "2025-02-04T14:41:36.218Z",
"dateUpdated": "2025-12-18T15:33:10.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3306 (GCVE-0-2024-3306)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:06 – Updated: 2024-09-12 19:10
VLAI?
Title
IDOR in Utarit Information's SoliClub
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information | SoliClub |
Affected:
0 , < 4.4.0
(custom)
Affected: 0 , < 5.2.1 (custom) |
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "soliclub",
"vendor": "utarit",
"versions": [
{
"lessThan": "4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:09:09.452416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:10:03.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Information",
"versions": [
{
"lessThan": "4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:06:12.188Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
}
],
"source": {
"advisory": "TR-24-1457",
"defect": [
"TR-24-1457"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Utarit Information\u0027s SoliClub",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-3306",
"datePublished": "2024-09-12T13:06:12.188Z",
"dateReserved": "2024-04-04T12:00:34.676Z",
"dateUpdated": "2024-09-12T19:10:03.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3305 (GCVE-0-2024-3305)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:03 – Updated: 2025-10-14 12:42
VLAI?
Title
IDOR in Utarit Information's SoliClub
Summary
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.
This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information | SoliClub |
Affected:
0 , < 4.4.0
(custom)
Affected: 0 , < 5.2.1 (custom) |
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "soliclub",
"vendor": "utarit",
"versions": [
{
"lessThan": "4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T18:45:06.544243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:48:41.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Information",
"versions": [
{
"lessThan": "4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\u003cp\u003e\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\n\n\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T12:42:00.898Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
}
],
"source": {
"advisory": "TR-24-1457",
"defect": [
"TR-24-1457"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Utarit Information\u0027s SoliClub",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-3305",
"datePublished": "2024-09-12T13:03:13.863Z",
"dateReserved": "2024-04-04T11:53:42.686Z",
"dateUpdated": "2025-10-14T12:42:00.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6255 (GCVE-0-2023-6255)
Vulnerability from cvelistv5 – Published: 2024-02-15 15:52 – Updated: 2025-04-24 15:14
VLAI?
Title
Hardcoded Credentals in SoliClub Mobile App
Summary
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information Technologies | SoliPay Mobile App |
Affected:
0 , < 5.0.8
(custom)
|
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:utarit:solipay_mobile_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solipay_mobile_app",
"vendor": "utarit",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T19:25:19.985701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:14:11.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliPay Mobile App",
"vendor": "Utarit Information Technologies",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"datePublic": "2024-02-15T15:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.\u003cp\u003eThis issue affects SoliPay Mobile App: before 5.0.8.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T15:52:03.063Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104"
}
],
"source": {
"advisory": "TR-24-0104",
"defect": [
"TR-24-0104"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Credentals in SoliClub Mobile App",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-6255",
"datePublished": "2024-02-15T15:52:03.063Z",
"dateReserved": "2023-11-22T12:53:40.528Z",
"dateUpdated": "2025-04-24T15:14:11.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5155 (GCVE-0-2023-5155)
Vulnerability from cvelistv5 – Published: 2024-02-15 15:46 – Updated: 2024-08-15 18:06
VLAI?
Title
SQLi in Utarit's Smart Deposit System
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information Technologies | SoliPay Mobile App |
Affected:
0 , < 5.0.8
(custom)
|
Credits
Ömer Fatih YEĞİN
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:utarit:solipay_mobile_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solipay_mobile_app",
"vendor": "utarit",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T19:46:22.645412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T18:06:24.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliPay Mobile App",
"vendor": "Utarit Information Technologies",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u00d6mer Fatih YE\u011e\u0130N"
}
],
"datePublic": "2024-02-15T15:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.\u003cp\u003eThis issue affects SoliPay Mobile App: before 5.0.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T15:46:51.062Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104"
}
],
"source": {
"advisory": "TR-24-0104",
"defect": [
"TR-24-0104"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Utarit\u0027s Smart Deposit System",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-5155",
"datePublished": "2024-02-15T15:46:51.062Z",
"dateReserved": "2023-09-25T05:59:16.711Z",
"dateUpdated": "2024-08-15T18:06:24.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4993 (GCVE-0-2023-4993)
Vulnerability from cvelistv5 – Published: 2024-02-15 15:40 – Updated: 2024-09-26 11:41
VLAI?
Title
Sensetive Data Exposure in Utarit's Soliclub
Summary
Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
Severity ?
7.5 (High)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information Technologies | SoliPay Mobile App |
Affected:
0 , < 5.0.8
(custom)
|
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:utarit:solipay_mobile_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solipay_mobile_app",
"vendor": "utarit",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T20:13:13.905706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:16:37.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliPay Mobile App",
"vendor": "Utarit Information Technologies",
"versions": [
{
"lessThan": "5.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"datePublic": "2024-02-15T15:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.\u003cp\u003eThis issue affects SoliPay Mobile App: before 5.0.8.\u003c/p\u003e"
}
],
"value": "Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-569",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-569 Collect Data as Provided by Users"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T11:41:43.127Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104"
}
],
"source": {
"advisory": "TR-24-0104",
"defect": [
"TR-24-0104"
],
"discovery": "UNKNOWN"
},
"title": "Sensetive Data Exposure in Utarit\u0027s Soliclub",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-4993",
"datePublished": "2024-02-15T15:40:24.532Z",
"dateReserved": "2023-09-15T12:06:16.658Z",
"dateUpdated": "2024-09-26T11:41:43.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1152 (GCVE-0-2023-1152)
Vulnerability from cvelistv5 – Published: 2023-03-17 08:21 – Updated: 2025-02-26 16:43
VLAI?
Title
SQLi in Utarit Persolus
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Utarit Information Technologies | Persolus |
Affected:
0 , < 2.03.93
(custom)
|
Credits
Omer Fatih YEGIN
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0154-2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:42:16.244121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:43:02.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Persolus",
"vendor": "Utarit Information Technologies",
"versions": [
{
"lessThan": "2.03.93",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Omer Fatih YEGIN"
}
],
"datePublic": "2023-03-17T08:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Utarit Information Technologies Persolus allows SQL Injection.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Persolus: before 2.03.93.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Utarit Information Technologies Persolus allows SQL Injection.\u00a0This issue affects Persolus: before 2.03.93."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-17T08:37:15.219Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0154-2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the version to \u0026gt;=2.03.93"
}
],
"value": "Update the version to \u003e=2.03.93"
}
],
"source": {
"advisory": "TR-23-0155",
"defect": [
"TR-23-0155"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Utarit Persolus",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-1152",
"datePublished": "2023-03-17T08:21:19.538Z",
"dateReserved": "2023-03-02T15:43:10.230Z",
"dateUpdated": "2025-02-26T16:43:02.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}