CVE-2023-4674

CVE-2023-4674: SQLi in Yazteks E-Commerce Software

Vendor Yaztek Software Technologies And Computer Systems

Product E-Commerce Software

Weakness CWE-89 · SQLi

Published December 29, 2023

Last update May 21, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 29, 2023 CVE published

May 21, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4674 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-68056 WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability CVE-2026-48232 Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter CVE-2024-0952 WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id CVE-2025-4013 PHPGurukul Art Gallery Management System aboutus.php sql injection CVE-2024-0272 Kashipara Food Management System addmaterialsubmit.php sql injection