{"api_version":"1","generated_at":"2026-06-04T11:22:38+00:00","cve":"CVE-2024-8259","urls":{"html":"https://cve.report/CVE-2024-8259","api":"https://cve.report/api/cve/CVE-2024-8259.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-8259","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-8259"},"summary":{"title":"Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Management Program","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.\n\nThis issue affects NatraCar B2B Dealer Management Program: through 09.12.2024.\n\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2024-12-09 14:15:13","updated_at":"2026-06-02 09:16:12"},"problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-24-1881","name":"https://www.usom.gov.tr/bildirim/tr-24-1881","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1881","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1881","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-8259","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8259","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Eryaz Information Technologies","product":"NatraCar B2B Dealer Management Program","version":"affected 09.12.2024 custom","platforms":[]},{"source":"ADP","vendor":"eryaz_information_technologies","product":"natracar_b2b_dealer_management_program","version":"affected 09.12.2024 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Pinar TASGIN","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"8259","cve":"CVE-2024-8259","epss":"0.001400000","percentile":"0.338160000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:35"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:eryaz_information_technologies:natracar_b2b_dealer_management_program:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"natracar_b2b_dealer_management_program","vendor":"eryaz_information_technologies","versions":[{"lessThanOrEqual":"09.12.2024","status":"affected","version":"0","versionType":"custom"}]}],"metrics":[{"other":{"content":{"id":"CVE-2024-8259","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-12-09T15:13:10.829916Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-04-03T19:26:35.191Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"affected","product":"NatraCar B2B Dealer Management Program","vendor":"Eryaz Information Technologies","versions":[{"lessThanOrEqual":"09.12.2024","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Pinar TASGIN"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.<p>This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024.<br></p><p>\nNOTE: The vendor was contacted and it was learned that the product is not supported.\n\n<br></p>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.\n\nThis issue affects NatraCar B2B Dealer Management Program: through 09.12.2024.\n\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-02T08:22:47.232Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-24-1881"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1881"}],"source":{"advisory":"TR-24-1881","defect":["TR-24-1881"],"discovery":"UNKNOWN"},"title":"Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Management Program","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2024-8259","datePublished":"2024-12-09T13:23:06.505Z","dateReserved":"2024-08-28T09:08:16.109Z","dateUpdated":"2026-06-02T08:22:47.232Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-12-09 14:15:13","lastModifiedDate":"2026-06-02 09:16:12","problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"8259","Ordinal":"1","Title":"Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Managemen","CVE":"CVE-2024-8259","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"8259","Ordinal":"1","NoteData":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.\n\nThis issue affects NatraCar B2B Dealer Management Program: through 09.12.2024.\n\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported.","Type":"Description","Title":"Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Managemen"}]}}}