Exposures › CVE-2026-5955
Inrove Software's BiEticaret software before v3.3.57 contains a critical SQL injection vulnerability (CVE-2026-5955) that allows attackers to execute arbitrary SQL commands.
This SQL injection flaw in Inrove Software's BiEticaret product allows attackers to execute arbitrary SQL commands, potentially leading to data exfiltration or database manipulation. DIB organizations must ensure they are running patched versions (v3.3.57 or later) and implement input validation to prevent exploitation, as SQL injection is a high-risk attack vector for sensitive defense data.
Shame score — A critical SQL injection vulnerability in a software product that affects compliance and data integrity, though not actively exploited or linked to ransomware.
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57.
No correlated FedRAMP products.