Unpatched SQL Injection Vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software Leaves Systems at Risk
CVE-2024-7026

7.5HIGH

Key Information:

Vendor: Teknogis Informatics
Status: Closed Circuit Vehicle Tracking Software
Vendor: CVE Published:; 21 November 2024

🔔 Create Teknogis Informatics Vulnerability Alert

What is CVE-2024-7026?

The Closed Circuit Vehicle Tracking Software by Teknogis Informatics is susceptible to an SQL Injection vulnerability, allowing attackers to manipulate SQL commands. This vulnerability includes the potential for Blind SQL Injection, which can lead to unauthorized data access and database compromise. Notably, the vendor was contacted regarding this serious issue prior to public disclosure, but has yet to respond. Organizations utilizing the affected software versions are strongly encouraged to apply appropriate security measures and ensure prompt updates to safeguard their data.

Affected Version(s)

Closed Circuit Vehicle Tracking Software 0 <= 21.11.2024

References

https://www.usom.gov.tr/bildirim/tr-24-1866

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Jul 23, 2024

Credit

Yunus ORNEK