{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9953", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-09-03T14:01:06.488Z", "datePublished": "2026-02-19T11:55:10.191Z", "dateUpdated": "2026-06-25T12:18:11.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-25T12:18:11.901Z"}, "title": "SQLi in Database Software's Databank Accreditation Software", "datePublic": "2026-02-19T11:50:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-566", "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "affected": [{"vendor": "DATABASE Software Training Consulting Ltd.", "product": "Databank Accreditation Software", "versions": [{"status": "affected", "version": "0", "lessThan": "2026/04", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.\n\nThis issue affects Databank Accreditation Software: before 2026/04.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.<p>This issue affects Databank Accreditation Software: before 2026/04.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0078", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0078", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Veli O\u011fuzcan AKDA\u011e", "type": "finder"}], "source": {"defect": ["TR-26-0078"], "advisory": "TR-26-0078", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T20:26:51.574524Z", "id": "CVE-2025-9953", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:27:06.998Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9953", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-20T20:26:51.574524Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:26:59.552Z"}}], "cna": {"title": "SQLi in Database Software's Databank Accreditation Software", "source": {"defect": ["TR-26-0078"], "advisory": "TR-26-0078", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Veli O\u011fuzcan AKDA\u011e"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "DATABASE Software Training Consulting Ltd.", "product": "Databank Accreditation Software", "versions": [{"status": "affected", "version": "0", "lessThan": "2026/04", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-19T11:50:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0078", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0078", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.\n\nThis issue affects Databank Accreditation Software: before 2026/04.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.<p>This issue affects Databank Accreditation Software: before 2026/04.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-566", "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-25T12:18:11.901Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9953", "state": "PUBLISHED", "dateUpdated": "2026-06-25T12:18:11.901Z", "dateReserved": "2025-09-03T14:01:06.488Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-02-19T11:55:10.191Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unknown", "product": "Databank Accreditation Software", "vendor": "DATABASE Software Training Consulting Ltd.", "versions": [{"lessThanOrEqual": "19022026", "status": "affected", "version": "0", "versionType": "custom"}]}], "source": "iletisim@usom.gov.tr"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.\n\nThis issue affects Databank Accreditation Software: through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una vulnerabilidad de clave primaria SQL controlada por el usuario en el Software de Acreditaci\u00f3n Databank de DATABASE Software Training Consulting Ltd. permite la inyecci\u00f3n SQL. Este problema afecta al Software de Acreditaci\u00f3n Databank: hasta el 19022026.\n\nNOTA: El proveedor fue contactado temprano sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2025-9953", "lastModified": "2026-06-17T10:10:08.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-9953", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "role": "CISA Coordinator", "timestamp": "2026-02-20T20:26:51.574524Z", "version": "2.0.3"}}]}, "published": "2026-02-19T12:16:15.707", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0078"}, {"source": "iletisim@usom.gov.tr", "url": "https://www.usom.gov.tr/bildirim/tr-26-0078"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-566"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}

{}

{"created": "2026-02-20T10:07:12.470541+00:00", "updated": "2026-02-20T10:07:12.470644+00:00", "vendors": ["database_software_training_consulting_ltd.", "database_software_training_consulting_ltd.$PRODUCT$databank_accreditation_software"]}