CVE-2019-25457

Web Ofisi · Firma

Web Ofisi Firma v13 contains an unauthenticated SQL injection vulnerability via the 'oz' array parameter, allowing for the manipulation of backend database queries.

Executive summary

Web Ofisi Firma v13 is susceptible to an unauthenticated SQL injection attack that could lead to a complete compromise of the application's database.

Vulnerability

The application processes the 'oz' array parameter without sufficient sanitization. An unauthenticated attacker can inject malicious SQL code through this parameter to bypass security controls and interact directly with the database.
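To show the defect class behind this advisory, the following is an added example (not code from Web Ofisi or from this advisory; the product's source is not on the page): a query builder that splices each element of an array parameter into an SQL IN (...) list, beside a hardened version that binds one placeholder per element. The 'firms' table, its columns and the sample rows are constructed stand-ins, and sqlite3 is used only as a self-contained database.

```python
import sqlite3

def make_db():
    # Constructed sample schema: a firm directory with some records marked private.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE firms (id INTEGER PRIMARY KEY, name TEXT, category TEXT, private INTEGER)")
    conn.executemany(
        "INSERT INTO firms (name, category, private) VALUES (?, ?, ?)",
        [("Acme Ltd", "law", 0), ("Beta Co", "accounting", 0), ("Hidden Corp", "law", 1)],
    )
    return conn

def query_vulnerable(conn, oz):
    # Each array element is quoted by hand and pasted into the statement text.
    # A single element containing a quote character ends the literal early and
    # the rest of that element becomes part of the WHERE clause.
    values = ", ".join("'%s'" % v for v in oz)
    sql = "SELECT name FROM firms WHERE private = 0 AND category IN (%s) ORDER BY id" % values
    return [row[0] for row in conn.execute(sql)]

def query_hardened(conn, oz):
    # Reject anything that is not a list of strings and bound the list size,
    # then bind one placeholder per element: the driver sends element content
    # separately from the statement, so it can never alter the query structure.
    if not isinstance(oz, (list, tuple)) or not all(isinstance(v, str) for v in oz):
        raise ValueError("oz must be a list of strings")
    if len(oz) == 0 or len(oz) > 50:
        return []  # an empty or oversized filter is treated as "no match"
    placeholders = ", ".join("?" for _ in oz)
    sql = "SELECT name FROM firms WHERE private = 0 AND category IN (%s) ORDER BY id" % placeholders
    return [row[0] for row in conn.execute(sql, list(oz))]

def compare(oz):
    # Run both builders on the same array input and return their results side by side.
    conn = make_db()
    return {"vulnerable": query_vulnerable(conn, oz), "hardened": query_hardened(conn, oz)}
```

With a benign input such as ["law"] both functions return the same public rows; with an element that closes the quoted literal, only the string-spliced version returns the private record, while the bound version treats the whole element as a category name and matches nothing.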

Business impact

The potential for data theft and unauthorized modification of company records is high. With a CVSS score of 8.2, this vulnerability poses a substantial threat to any organization relying on this software for firm management or directory services.

Remediation

Immediate Action: Apply the vendor-provided patches for Web Ofisi Firma v13 without delay to secure the 'oz' parameter processing logic.

Proactive Monitoring: Regularly audit database logs for evidence of SQL syntax errors or unauthorized table access attempts.

Compensating Controls: Deploy or configure a Web Application Firewall (WAF) to detect and block array-based SQL injection attempts.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The unauthenticated nature of this SQL injection makes it a critical target for automated exploitation scripts. We recommend that administrators verify their current version and apply necessary updates immediately to prevent data loss or unauthorized access.