CVE-2025-1929

High CVSS 7.2

Overview

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection.This issue affects Reel Sektör Hazine ve Risk Yönetimi Yazılımı: through 1.0.0.4.

CWE: CWE-89 Published: 2025-08-15T12:15:25.203

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.2 (HIGH)
Detected tags: blind_sql, sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries and sensible timeouts; minimize error details.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags