PatchSiren cyber security CVE debrief
CVE-2023-6173 TeoSOFT Software CVE debrief
CVE-2023-6173 is a critical SQL injection issue affecting TeoSOFT Software TeoBASE, with the affected range described as through 27032024. Because the flaw is categorized as CWE-89 and rated CVSS 9.8, defenders should treat this as an urgent application-layer database exposure until systems are verified remediated or isolated.
- Vendor
- TeoSOFT Software
- Product
- TeoBASE
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-03-27
- Original CVE updated
- 2026-05-20
- Advisory published
- 2024-03-27
- Advisory updated
- 2026-05-20
Who should care
Security teams, database administrators, application owners, and operators running TeoBASE instances in the affected range should prioritize this advisory. Organizations that expose the product to untrusted users or networks should treat it as immediately actionable.
Technical summary
The official records describe an improper neutralization of special elements used in an SQL command, i.e. SQL injection. NVD lists the vector as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating remote, low-complexity exploitation with no privileges or user interaction required and the potential for high impact to confidentiality, integrity, and availability. The source also notes USOM references and NVD vulnStatus Deferred.
Defensive priority
Immediate / critical. Prioritize remediation, containment, and verification as soon as possible.
Recommended defensive actions
- Identify every TeoBASE deployment and confirm whether it falls within the affected range described as through 27032024.
- Apply the vendor’s fix or any official mitigation if available; if no fix is available, isolate the exposed system and restrict access.
- Review application and database logs for unexpected queries, errors, or anomalous access patterns around TeoBASE endpoints.
- Validate that input handling is parameterized and that any custom integrations do not forward unsanitized input into SQL statements.
- If there is any indication of exposure, rotate any credentials or secrets that may have been accessible through the affected application path.
- Monitor for unauthorized database access, data modification, or service instability until remediation is complete.
Evidence notes
This debrief is based only on the supplied official records and references. The CVE description states an SQL injection in TeoSOFT Software TeoBASE and notes that the vendor was contacted early but did not respond. NVD metadata lists CWE-89, CVSS 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and vulnStatus Deferred. The record references USOM advisories at siberguvenlik.gov.tr and usom.gov.tr. Vendor identity metadata in the supplied corpus is low confidence, so the product/vendor naming here follows the CVE description rather than inferred enrichment.
Official resources
The supplied description states that the vendor was contacted early about this disclosure but did not respond in any way.