Skip to main content

Akilli Commerce E-Commerce Website CVE-2025-6577

| EUVDEUVD-2025-209783 CRITICAL
SQL Injection (CWE-89)
2026-05-12 TR-CERT GHSA-h999-6ppq-jh7h
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
May 12, 2026 - 11:01 EUVD
Analysis Generated
May 12, 2026 - 10:30 vuln.today
CVE Published
May 12, 2026 - 09:31 nvd
CRITICAL 9.8

DescriptionCVE.org

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection.

This issue affects E-Commerce Website: before 4.5.001.

AnalysisAI

SQL injection in Akilli Commerce E-Commerce Website versions before 4.5.001 allows remote unauthenticated attackers to execute arbitrary SQL commands with complete database access. The vulnerability permits extraction of sensitive customer and transaction data, modification of product catalogs and pricing, and potential complete system compromise. CVSS score of 9.8 (Critical) reflects network-accessible exploitation requiring no authentication or user interaction, though no active exploitation has been reported in CISA KEV and EPSS data is not available.

Technical ContextAI

The vulnerability stems from CWE-89 (SQL Injection), where the E-Commerce Website platform fails to properly sanitize or parameterize user-supplied input before incorporating it into SQL queries. Affecting the Akilli Commerce Software Technologies E-Commerce Website platform (CPE: cpe:2.3:a:akilli_commerce_software_technologies_ltd._co.:e-commerce_website), this class of vulnerability typically occurs in web application endpoints handling user input such as search fields, product filters, login forms, or checkout processes. Without prepared statements or input validation, attackers can inject malicious SQL syntax to manipulate database queries, bypassing authentication mechanisms, extracting data through UNION-based or blind injection techniques, or executing administrative database commands.

RemediationAI

Upgrade immediately to Akilli Commerce E-Commerce Website version 4.5.001 or later, which contains fixes for the SQL injection vulnerability per TR-CERT advisory at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0222. Organizations unable to patch immediately should implement layered compensating controls: deploy a Web Application Firewall (WAF) with SQL injection rulesets to block common attack patterns, though sophisticated attacks may bypass signature-based detection; restrict database user permissions to minimum required operations (read-only where possible, no DROP/ALTER privileges) to limit injection impact, though data exfiltration remains possible; implement database activity monitoring to detect anomalous query patterns such as UNION statements or excessive row returns; isolate the application database on a separate network segment with strict firewall rules. Note that workarounds provide defense-in-depth but do not eliminate the vulnerability-patching to version 4.5.001 remains the only complete remediation. Contact Akilli Commerce support channels for patch deployment assistance and verify post-patch that all application functionality remains operational.

CVE-2021-25207 CRITICAL POC
9.8 Jul 23

Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary cod

CVE-2021-25205 CRITICAL POC
9.8 Jul 22

SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL

CVE-2024-8217 MEDIUM POC
6.9 Aug 27

A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. Rated medium severit

CVE-2026-2347 CRITICAL
9.8 May 14

Authorization bypass in Akilli Commerce E-Commerce Website before 4.5.001 allows remote unauthenticated attackers to hij

CVE-2025-11024 CRITICAL
9.8 May 14

Remote unauthenticated SQL injection in Akilli Commerce Software Technologies E-Commerce Website before version 4.5.001

CVE-2025-11513 MEDIUM POC
5.5 Oct 09

A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/

CVE-2025-11596 MEDIUM POC
5.5 Oct 11

A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of t

CVE-2025-11558 MEDIUM POC
5.5 Oct 09

A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/us

CVE-2025-11420 MEDIUM POC
5.5 Oct 08

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages

CVE-2022-27330 MEDIUM POC
5.4 May 03

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows atta

CVE-2021-25204 MEDIUM POC
5.4 Jul 23

Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject ar

CVE-2024-8139 MEDIUM POC
5.3 Aug 25

A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Rated medium severity

Share

CVE-2025-6577 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy