PatchSiren

CVE-2023-6145 İstanbul Soft Informatics and Consultancy Limited Company CVE debrief

CVE-2023-6145 describes a critical SQL injection issue in Softomi Advanced C2C Marketplace Software affecting versions before 12122023. The vulnerability is rated CVSS 9.8 and is classified as CWE-89, indicating a path for attacker-controlled SQL statements with severe confidentiality, integrity, and availability impact.

Vendor: İstanbul Soft Informatics and Consultancy Limited Company
Product: Softomi Advanced C2C Marketplace Software
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-12-21
Original CVE updated: 2026-05-20
Advisory published: 2023-12-21
Advisory updated: 2026-05-20

Who should care

Organizations running Softomi Advanced C2C Marketplace Software, especially administrators, application owners, and security teams responsible for internet-facing deployments or sensitive customer data.

Technical summary

The supplied NVD data and USOM references indicate an improper neutralization of special elements used in an SQL command (SQL injection) in Softomi Advanced C2C Marketplace Software. The vulnerable CPE pattern applies to versions before 12122023. NVD lists CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which indicates a network-reachable issue with no privileges or user interaction required and high impact across confidentiality, integrity, and availability.

Defensive priority

Urgent. Treat as a high-risk internet-reachable application flaw until you confirm whether your deployment is on a fixed release and whether any compensating controls are in place.

Recommended defensive actions

  • Identify every deployment of Softomi Advanced C2C Marketplace Software and confirm the installed version.
  • Upgrade to version 12122023 or later, or apply the vendor/USOM guidance referenced in the advisory.
  • Review web, database, and application logs for anomalous SQL activity around the exposure window.
  • If the application is exposed to untrusted networks, restrict access until remediation is complete.
  • Validate that any custom integrations or extensions use parameterized queries and safe database handling patterns.
  • If patching cannot be completed promptly, isolate the affected system and monitor for unauthorized data access or modification.
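For the first two actions, an added example (not vendor or NVD code) that triages an inventory against the fixed version 12122023. It assumes version labels are eight-digit DDMMYYYY build dates, which the advisory does not state; under that assumption a plain numeric or string comparison misorders builds, so the labels are parsed as dates. The host names and the function names are constructed for illustration.

```python
from datetime import date

FIXED_BUILD = "12122023"  # fixed version named in the advisory


def parse_build(label: str) -> date:
    """Parse an 8-digit build label as DDMMYYYY (assumption, see lead-in)."""
    s = label.strip()
    if len(s) != 8 or not (s.isascii() and s.isdigit()):
        raise ValueError(f"not an 8-digit build label: {label!r}")
    day, month, year = int(s[:2]), int(s[2:4]), int(s[4:])
    return date(year, month, day)  # ValueError on impossible dates


def is_affected(label: str) -> bool:
    """True when the build predates the fixed build."""
    return parse_build(label) < parse_build(FIXED_BUILD)


def triage(inventory: dict) -> dict:
    """Map each host to 'affected', 'fixed' or 'unknown'.

    'unknown' means the label could not be parsed; treat it as
    unconfirmed and check the deployment by hand.
    """
    result = {}
    for host, label in inventory.items():
        try:
            result[host] = "affected" if is_affected(label) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical hosts and labels).
SAMPLE = {
    "shop-a": "01112023",  # 1 Nov 2023
    "shop-b": "12122023",  # the fixed build itself
    "shop-c": "05012024",  # 5 Jan 2024, numerically smaller than 12122023
    "shop-d": "30112023",  # 30 Nov 2023, numerically larger than 12122023
    "shop-e": "v2.1",      # not a date-coded label
    "shop-f": "31022023",  # impossible date
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be handled as affected until the installed version is confirmed with the vendor.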

Evidence notes

The record shows a CVE publication date of 2023-12-21 and an NVD last-modified date of 2026-05-20. NVD metadata lists the weakness as CWE-89 and the vulnerable CPE as softomi:advanced_c2c_marketplace_software with versions before 12122023. The supplied references include an official USOM security notice and a related advisory page. No CISA KEV entry is included in the supplied data.

Official resources

Officially published by CVE/NVD on 2023-12-21. The supplied source data was last modified on 2026-05-20. USOM references are included in the record; no KEV entry is present in the supplied enrichment.