CVE-2024-1153 - Vulnerability Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Talyabilisim	Travel Apps

Configuration 1 [-]

cpe:2.3:a:talyabilisim:travel_apps:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-24-0809

History

Tue, 14 Oct 2025 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284

Tue, 14 Oct 2025 13:00:00 +0000

Type	Values Removed	Values Added
Description	Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.
Title	Improper Access Control in Talya Informatics' Travel APPS	SQL Injection Vulnerability in Talya Informatics' Travel APPS
Weaknesses		CWE-89

Fri, 12 Sep 2025 07:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 12 Sep 2025 06:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Mon, 16 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Talyabilisim Talyabilisim travel Apps
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:talyabilisim:travel_apps::::::::
Vendors & Products		Talyabilisim Talyabilisim travel Apps

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-06-27T13:09:28.115Z

Updated: 2025-10-14T12:36:56.615Z

Reserved: 2024-02-01T12:14:53.148Z

Link: CVE-2024-1153

Vulnrichment

Updated: 2024-08-01T18:26:30.554Z

NVD

Status : Modified

Published: 2024-06-27T14:15:12.957

Modified: 2025-10-14T13:15:34.310

Link: CVE-2024-1153

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object