PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-5806 Mergen Software CVE debrief

CVE-2023-5806 is a critical SQL injection vulnerability affecting Mergentech Quality Management System versions before 1.2. NVD assigns a CVSS 3.1 score of 9.8, reflecting a network-reachable issue that requires no privileges or user interaction and has high impact on confidentiality, integrity, and availability. Organizations running affected versions should treat this as an urgent remediation item and upgrade to version 1.2 or later, the first fixed release.

Vendor: Mergen Software
Product: Quality Management System
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-01-18
Original CVE updated: 2026-05-20
Advisory published: 2024-01-18
Advisory updated: 2026-05-20

Who should care

Security teams, application owners, and administrators responsible for Mergentech Quality Management System deployments, especially any instance exposed to untrusted networks or handling sensitive records.

Technical summary

The issue is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The NVD record lists the vulnerable CPE as mergentech:quality_management_system, with all versions before 1.2 affected. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a remotely exploitable SQL injection condition with severe potential impact.

Defensive priority

Immediate

Recommended defensive actions

  • Confirm whether Quality Management System is deployed in your environment and determine the exact version in use.
  • Upgrade affected installations to version 1.2 or later as soon as possible.
  • If immediate upgrade is not possible, restrict network exposure to trusted administrative paths only.
  • Review application and database logs for unusual queries, errors, or unexpected access patterns around the affected service.
  • Assess whether sensitive data may have been exposed or modified through the vulnerable application.
  • Track remediation status and verify that no older vulnerable instances remain accessible.

Evidence notes

The CVE record was published on 2024-01-18 and later modified on 2026-05-20. NVD lists the affected product as mergentech:quality_management_system with versions before 1.2 and the weakness as CWE-89. The record also links to USOM advisory material, which supports the vulnerability classification and mitigation context. No KEV entry was provided in the supplied corpus.

Official resources

Publicly disclosed in the CVE record on 2024-01-18 and updated by the source database on 2026-05-20. No Known Exploited Vulnerabilities listing was provided in the supplied source corpus.