PatchSiren cyber security CVE debrief
CVE-2023-4530 Turna CVE debrief
CVE-2023-4530 is a critical SQL injection vulnerability affecting Turnatasarim’s Advertising Administration Panel before version 1.1. The issue was publicly recorded on 2023-10-06 and mapped by NVD to CWE-89 with a CVSS 3.1 score of 9.8, indicating that successful exploitation could have severe confidentiality, integrity, and availability impact. No KEV entry was supplied in the source corpus, but the vulnerability merits urgent remediation wherever the panel is deployed.
- Vendor
- Turna
- Product
- Advertising Administration Panel
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-10-06
- Original CVE updated
- 2026-05-21
- Advisory published
- 2023-10-06
- Advisory updated
- 2026-05-21
Who should care
Administrators, security teams, and developers responsible for Turnatasarim Advertising Administration Panel installations, especially any internet-facing or database-backed deployments running versions before 1.1.
Technical summary
The supplied NVD data describes an SQL injection condition in Advertising Administration Panel versions before 1.1. The vulnerability is classified as CWE-89 and scored CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which aligns with a network-reachable issue requiring no privileges or user interaction and capable of high impact across confidentiality, integrity, and availability.
Defensive priority
Critical. Treat as urgent for any exposed or actively used deployment because the vulnerability is remotely reachable and rated 9.8 in the supplied NVD record.
Recommended defensive actions
- Inventory all Turnatasarim Advertising Administration Panel instances and confirm exact versions in use.
- Upgrade any affected installation to version 1.1 or later, since the supplied record marks versions before 1.1 as vulnerable.
- Prioritize remediation for any panel instance reachable from the internet or from broadly accessible internal networks.
- Review application and database logs for unexpected query patterns or error spikes around the affected component.
- Apply least-privilege database permissions and other compensating controls where immediate upgrading is not possible.
- Validate that any mitigation guidance in the referenced USOM advisory has been applied.
Evidence notes
This debrief is based only on the supplied CVE/NVD corpus and official links. The core facts available are: CVE-2023-4530, SQL injection, Turnatasarim Advertising Administration Panel before 1.1, CWE-89, CVSS 3.1 9.8, and public publication on 2023-10-06. The supplied NVD record was later modified on 2026-05-21, which does not change the original issue date. The corpus includes USOM references, but the full advisory content was not provided here, so mitigation details are intentionally limited to what is directly supported.
Official resources
-
CVE-2023-4530 CVE record
CVE.org
-
CVE-2023-4530 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Publicly disclosed on 2023-10-06. The supplied NVD record was modified on 2026-05-21. No KEV listing was supplied in the corpus.