CVE-2023-5155

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Utarit Information Technologies SoliPay Mobile App allows attackers to execute arbitrary SQL commands against the application's database. It affects all SoliPay Mobile App versions before 5.0.8, potentially compromising user data and application functionality.

💻 Affected Systems

Products:
  • Utarit Information Technologies SoliPay Mobile App
Versions: All versions before 5.0.8
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the mobile application's database interaction layer. All installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution on the database server.

🟠 Likely Case

Unauthorized access to sensitive user data (payment information, personal details), data manipulation, and potential privilege escalation within the application.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permissions restricting unauthorized access.

🌐 Internet-Facing: HIGH - Mobile applications typically communicate with internet-facing backend services, making them accessible to remote attackers.
🏢 Internal Only: MEDIUM - Even if only used internally, compromised devices or insider threats could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity. The vulnerability allows unauthenticated exploitation based on the CWE-89 classification.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.8

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-24-0104

Restart Required: Yes

Instructions:

1. Update SoliPay Mobile App to version 5.0.8 or later from official app stores.
2. Restart the application after update.
3. Verify the update was successful by checking the app version.

🔧 Temporary Workarounds

Network-level SQL injection filtering

all

Deploy web application firewall (WAF) rules to block SQL injection patterns at the network perimeter

Database access restrictions

all

Implement least privilege database accounts and restrict network access to database servers

🧯 If You Can't Patch

  • Isolate the application from sensitive systems and implement strict network segmentation
  • Deploy additional monitoring and alerting for suspicious database queries and access patterns

🔍 How to Verify

Check if Vulnerable:

Check the app version in the application settings or app store listing. If the version is below 5.0.8, the system is vulnerable.

Check Version:

Check within the mobile app's settings menu or app store listing for version information

Verify Fix Applied:

Confirm the app version shows 5.0.8 or higher in the application settings after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns
  • SQL syntax errors in application logs
  • Multiple failed login attempts with SQL-like patterns

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.)
  • Unusual database connection patterns from application servers

SIEM Query:

source="application_logs" AND ("SQL syntax" OR "database error" OR "unexpected token")
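
The log indicators and SIEM terms above, applied to application logs as an added example (not SoliPay or vendor code). The log layout, event names, threshold and sample lines are constructed assumptions; it also shows why a bare SQL-keyword match is too noisy to alert on by itself.

```python
import re
from collections import Counter

# Terms from the SIEM query above (matched case-insensitively).
ERROR_TERMS = ("sql syntax", "database error", "unexpected token")
# SQL keywords named under Network Indicators, matched as whole words.
SQL_KEYWORDS = re.compile(r"\b(select|union|insert)\b", re.IGNORECASE)
# Assumed log layout: "<timestamp> <client_ip> <event> <detail...>"
LINE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")

# Constructed sample lines, not taken from any real deployment.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 198.51.100.7 LOGIN_FAILED user=alice
2024-01-10T09:00:05Z 203.0.113.9 LOGIN_FAILED user=x' UNION SELECT 1--
2024-01-10T09:00:06Z 203.0.113.9 DB_ERROR You have an error in your SQL syntax near 'UNION'
2024-01-10T09:00:07Z 203.0.113.9 LOGIN_FAILED user=x' union select 2--
2024-01-10T09:00:09Z 203.0.113.9 LOGIN_FAILED user=y' UNION SELECT 3--
2024-01-10T09:01:00Z 198.51.100.7 LOGIN_OK user=alice
2024-01-10T09:02:00Z 192.0.2.44 REQUEST GET /help?q=select+a+plan
"""

def triage(log_text, failed_login_threshold=3):
    """Return {client_ip: set of indicator names} for clients worth reviewing."""
    error_hits, sqli_logins, keyword_hits = Counter(), Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        _, ip, event, detail = m.groups()
        if any(term in detail.lower() for term in ERROR_TERMS):
            error_hits[ip] += 1
        if SQL_KEYWORDS.search(detail):
            keyword_hits[ip] += 1
            if event == "LOGIN_FAILED":
                sqli_logins[ip] += 1
    findings = {}
    for ip in keyword_hits.keys() | error_hits.keys():
        tags = set()
        if error_hits[ip]:
            tags.add("sql_error_in_log")
        if sqli_logins[ip] >= failed_login_threshold:
            tags.add("repeated_sqli_like_failed_logins")
        if tags:  # a lone keyword match ("select a plan") is not reported
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```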
