CVE-2024-4228

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue ...

critical 9.8 CVSS 3.1

Published: Jun 26, 2024

Modified: Jun 3, 2026

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection.

This issue affects SSO (Single Sign On): from 1.0 before 1.1.

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0800
https://www.usom.gov.tr/bildirim/tr-24-0800
https://www.usom.gov.tr/bildirim/tr-24-0800

Version	3.1
Score	9.8 / 10
Severity	critical