CVE-2023-6191

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Egehan Security WebPDKS allows attackers to execute arbitrary SQL commands on the database. All installations of WebPDKS through version 20240329 are affected, potentially compromising sensitive data and system integrity.

💻 Affected Systems

Products:
  • Egehan Security WebPDKS
Versions: through 20240329
Operating Systems: Not specified; the product is a web application, so it is likely platform independent.
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected versions are vulnerable by default based on the CVE description.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, privilege escalation, and potential remote code execution on the underlying server.

🟠

Likely Case

Unauthorized access to sensitive data stored in the database, including user credentials, personal information, and system configuration.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated access is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules to filter malicious requests.

Network Segmentation

all

Restrict access to WebPDKS to only trusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement input validation and parameterized queries in application code
  • Deploy database monitoring and alerting for suspicious SQL queries

🔍 How to Verify

Check if Vulnerable:

Check WebPDKS version against affected range (through 20240329). Test with SQL injection payloads in application inputs.

Check Version:

Check the WebPDKS interface or configuration files for version information.

Verify Fix Applied:

Verify version is beyond 20240329 or test with SQL injection payloads to confirm they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts with SQL syntax
  • Long or malformed HTTP requests to WebPDKS endpoints

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.)
  • Unusual traffic patterns to WebPDKS database ports

SIEM Query:

source="webpdks" AND (http_request CONTAINS "UNION" OR http_request CONTAINS "SELECT" OR http_request CONTAINS "INSERT" OR http_request CONTAINS "DELETE")
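As an added example, not part of the original advisory, the following Python applies the same keyword rule as the SIEM query above to a few constructed web-server log lines. It URL-decodes the request before matching and uses whole-word matches, so a benign parameter such as `topic=selection` does not fire. The vhost-prefixed combined log format, the `webpdks` source name and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Keywords from the SIEM query above, matched as whole words, case-insensitively,
# so benign strings such as "selection" or "insertion" do not raise alerts.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Assumed log format: vhost-prefixed combined access log. The leading vhost field
# plays the role of the source="webpdks" filter in the SIEM query.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic). Line 2 is the only one that should fire.
SAMPLE_LOG = [
    'webpdks 198.51.100.7 - [29/Mar/2024:10:01:02 +0000] "GET /login.aspx?user=alice HTTP/1.1" 200 512',
    'webpdks 198.51.100.7 - [29/Mar/2024:10:01:09 +0000] "GET /report.aspx?id=1%27%20UNION%20SELECT%201,2 HTTP/1.1" 500 0',
    'webpdks 198.51.100.8 - [29/Mar/2024:10:02:00 +0000] "GET /help.aspx?topic=selection HTTP/1.1" 200 2048',
    'intranet 10.0.0.5 - [29/Mar/2024:10:02:30 +0000] "GET /search?q=select HTTP/1.1" 200 100',
]


def flag_request(line, source="webpdks"):
    """Return the sorted SQL keywords found in one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m or m.group("host") != source:
        return None
    # Decode once so %20 / + encoded requests are inspected as the application sees them.
    path = unquote_plus(m.group("path"))
    hits = sorted({k.upper() for k in KEYWORD_RE.findall(path)})
    return hits or None


def scan_log(lines, source="webpdks"):
    """Return (line_number, log_line, keywords) for every line the keyword rule flags."""
    alerts = []
    for n, line in enumerate(lines, 1):
        hits = flag_request(line, source)
        if hits:
            alerts.append((n, line, hits))
    return alerts


if __name__ == "__main__":
    for n, line, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {hits} in {line}")
```

Keyword matching of this kind is noisy, so treat hits as triage candidates and correlate them with application errors (the 500 status on the flagged line) and the database-side indicators listed above rather than as confirmation of exploitation.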
