CVE-2023-1547

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51.

critical 9.8 CVSS 3.1

Published: Jul 13, 2023

Modified: Jun 1, 2026

Vendor: Elra

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.

This issue affects Parkmatik: before 02.01-a51.

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0404
https://www.usom.gov.tr/bildirim/tr-23-0404
https://www.usom.gov.tr/bildirim/tr-23-0404

CVSS Breakdown

Version	3.1
Score	9.8 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-89

Affected Product

Vendor	Elra
Product	Parkmatik