CVE-2024-9286

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11.

CVSS

No CVSS.

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-1649

Configurations

No configuration.

History

14 Oct 2025, 14:15

Type	Values Removed	Values Added
CWE	~~CWE-20~~
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11.

21 Nov 2024, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~0.0~~	v2 : unknown v3 : unknown

10 Oct 2024, 12:51

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') y validación de entrada incorrecta en TRtek Software Distant Education Platform permite inyección SQL e inyección de parámetros. Este problema afecta a la plataforma de educación a distancia: antes de 3.2024.11.

09 Oct 2024, 14:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 0.0

09 Oct 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-09 14:15

Updated : 2025-10-14 14:15

NVD link : CVE-2024-9286

Mitre link : CVE-2024-9286

CVE.ORG link : CVE-2024-9286

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-9286", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-10-09T14:15:07.823", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-1649", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') y validaci\u00f3n de entrada incorrecta en TRtek Software Distant Education Platform permite inyecci\u00f3n SQL e inyecci\u00f3n de par\u00e1metros. Este problema afecta a la plataforma de educaci\u00f3n a distancia: antes de 3.2024.11."}], "lastModified": "2025-10-14T14:15:41.350", "sourceIdentifier": "iletisim@usom.gov.tr"}