CVE-2025-5243

Published: Jul 24, 2025Modified: Jun 5, 2026Deferred

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: iletisim@usom.gov.tr (Secondary)

Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0174

Source: iletisim@usom.gov.tr

https://www.usom.gov.tr/bildirim/tr-25-0174

Source: iletisim@usom.gov.tr

Timeline

No history available yet.