CVE-2023-35064

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607.

critical 9.8 CVSS 3.1

Published: Jun 13, 2023

Modified: May 22, 2026

Vendor: Satos

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.

This issue affects Satos Mobile: before 20230607.

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0346
https://www.usom.gov.tr/bildirim/tr-23-0346
https://https://www.usom.gov.tr/bildirim/tr-23-0346

CVSS Breakdown

Version	3.1
Score	9.8 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-89

Affected Product

Vendor	Satos
Product	Satos Mobile