CVE-2023-6145 in Softomi Advanced C2C Marketplace Softwareinfo

Summary

by MITRE • 12/21/2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection.

This issue affects Softomi Advanced C2C Marketplace Software: before 12122023.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/20/2026

The vulnerability identified as CVE-2023-6145 represents a critical SQL injection flaw within the Softomi Advanced C2C Marketplace Software platform developed by İstanbul Soft Informatics and Consultancy Limited Company. This vulnerability falls under the Common Weakness Enumeration category CWE-89, which specifically addresses improper neutralization of special elements used in SQL commands. The issue manifests when the application fails to properly sanitize or escape user-supplied input before incorporating it into SQL queries, creating an avenue for malicious actors to manipulate database operations through crafted input sequences.

The technical exploitation of this vulnerability occurs when an attacker can inject malicious SQL code through input fields or parameters that are not adequately validated or escaped. This typically happens in scenarios where user input directly influences SQL query construction without proper sanitization mechanisms. The vulnerability affects versions of the Softomi Advanced C2C Marketplace Software prior to the 12122023 release, indicating that the developers have likely addressed this issue in subsequent updates. Attackers can leverage this flaw to execute unauthorized database operations including but not limited to data extraction, modification, or deletion, potentially leading to complete database compromise.

The operational impact of this vulnerability extends beyond simple data theft, as it can enable attackers to escalate privileges within the database system and potentially gain access to sensitive user information, transactional data, and system configurations. The attack surface is particularly concerning in e-commerce environments where user credentials, payment information, and personal data are frequently processed through database queries. This vulnerability aligns with the ATT&CK framework's technique T1071.005 for application layer protocol usage and T1046 for network service scanning, as attackers may first enumerate database services before exploiting this specific SQL injection weakness.

Organizations utilizing the affected Softomi software should immediately implement mitigation strategies including input validation, parameterized queries, and regular security updates to address this vulnerability. The remediation process should involve comprehensive code review to identify all input points that could be susceptible to SQL injection attacks, implementation of proper input sanitization mechanisms, and deployment of web application firewalls to detect and prevent malicious SQL injection attempts. Additionally, database access controls should be reviewed to ensure least privilege principles are enforced, limiting the potential damage from successful exploitation of this vulnerability.

Reservation

11/15/2023

Disclosure

12/21/2023

Moderation

accepted

CPE

ready

EPSS

0.00518

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!