Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection in Dayneks Software allows unauthenticated attackers to manipulate database queries and extract or modify data.
Technical ContextAI
CWE-89 SQL injection. Unauthenticated access to vulnerable endpoint enables arbitrary SQL query execution.
RemediationAI
Apply vendor patch. Use parameterized queries. Implement WAF rules.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today