CRITICAL
SDD Computer Software
CVE published 2023-02-23
CVE-2022-2504
A critical SQL injection vulnerability exists in SDD-Baro, a software product by SDD Computer Software. The flaw stems from improper neutralization of special elements in SQL commands (CWE-89), allowing unauthenticated attackers to execute arbitrary SQL statements. The vulnerability affects all versions prior to 2.8.432. The issue was disclosed by the Turkish National Cyber Security Incident Response Team [truncated]