Unauthenticated SQL injection in Aksis Technology Netty ERP versions prior to V.1.1000 allows remote attackers to manipulate backend database queries with full confidentiality, integrity, and availability impact (CVSS 9.8). The flaw is rooted in improper neutralization of special elements in SQL commands (CWE-89), and no public exploit has been identified at time of analysis, though the Turkish national CSIRT (USOM) has issued a public bulletin tracking this issue.
SQLi
NVD
VulDB
CVSS 3.1
9.8
EPSS
0.0%