CRITICAL🇵🇱 Wersja polska

CVE-2024-0857

CVSS 9.8v3.1pub. 2024-07-18upd. 2026-06-03

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue affects FlexWater Corporate Water Management: before 5.452.0.

🤖 AI Analysis
How it works

The vulnerability results from improper neutralization of special characters passed to SQL queries — the application does not filter or parameterize user input data before using it in database commands. An attacker can remotely, without authentication and without user interaction, inject arbitrary SQL commands over the network. This allows reading, modifying, or deleting data stored in the water management system database.

Impact

An attacker can gain full access to the database (confidentiality, integrity, availability), which in the context of a water infrastructure management system may mean theft of operational data, modification of configuration, or complete system shutdown.

Mitigation & patch

FlexWater Corporate Water Management should be updated to version 5.452.0 or later. Detailed information is available in the USOM security notice at https://www.usom.gov.tr/bildirim/tr-24-1011

Who is affected

FlexWater Corporate Water Management in versions prior to 5.452.0 (manufacturer: Universal Software Inc.)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Uni Yaz Flexwater Corporate Water Management

    APP
    Uni-Yaz
    < 5.452.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-14349HIGH8.8ten sam vendor

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal...

CVE-2026-1618HIGH8.8ten sam vendor

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kio...

CVE-2026-1619HIGH8.3ten sam vendor

Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allow...