PatchSiren

POSTAHSİL CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL POSTAHSİL CVE published 2024-02-15

CVE-2023-7081

A critical SQL injection vulnerability in POSTAHSİL Online Payment System allows unauthenticated remote attackers to execute arbitrary SQL commands, potentially leading to complete database compromise. The vulnerability stems from improper neutralization of special elements in SQL commands (CWE-89). Affected versions are all releases prior to 14.02.2024. The Turkish National Cyber Security Incident Respon [truncated]