SYS::ONLINE
Wasteland.
Briefs1143
Issues18
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-5955 2026-07-09

CVE-2026-5955: Critical SQL Injection in BiEticaret E-Commerce Platform

"A critical, unauthenticated SQL injection flaw (CVSS 9.8) affects all versions of Inrove's BiEticaret e-commerce software prior to v3.3.57, enabling remote attackers to compromise the confidentiality, integrity, and…"

A critical, unauthenticated SQL injection flaw (CVSS 9.8) affects all versions of Inrove's BiEticaret e-commerce software prior to v3.3.57, enabling remote attackers to compromise the confidentiality, integrity, and availability of affected systems.

What Is It

CVE-2026-5955 is an improper neutralization of special elements used in an SQL command, a classic SQL injection vulnerability (CWE-89), in BiEticaret, developed by Inrove Software and Internet Services. The flaw allows an attacker to inject arbitrary SQL commands into the application. It carries a CVSS 3.1 base score of 9.8 (CRITICAL) with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is exploitable over the network, requires low attack complexity, needs no privileges, and requires no user interaction.

Why It Matters

Because exploitation requires no authentication and no user interaction, an attacker can target vulnerable BiEticaret instances remotely with minimal effort. The vulnerability rates HIGH impact across all three security pillars: confidentiality, integrity, and availability. For an e-commerce platform, successful SQL injection can expose customer records, order data, and credentials, and permit unauthorized modification of application data.

What's Vulnerable

No specific affected CPEs were listed in the supplied NVD record.

Patch Status

The issue is resolved in BiEticaret v3.3.57. The NVD record lists versions at or above v3.3.57 as unaffected, so upgrading to v3.3.57 or later remediates the vulnerability. The CVE was published on 2026-07-09 with a status of "Received." No CISA KEV entry was supplied, so there is no confirmation of active exploitation in the source material.

Sources