CVE-2025-9953
Deferred
Deferred - Pending Action
SQL Injection Authorization Bypass in Databank Accreditation Software
Vulnerability report for CVE-2025-9953, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-19
Last updated on: 2026-06-25
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.
This issue affects Databank Accreditation Software: before 2026/04.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| database_software_training_consulting_ltd | databank_accreditation_software | to 19022026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-566 | The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor. |