IDOR in Im Park’s DijiDemi_CVE-2026-6008

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse.

This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0.

Basic Information

ID CVE-2026-6008

Source TR-CERT

Published May 14, 2026 at 12:24

Modified May 14, 2026 at 13:48

Affected Product

Vendor Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.

Product DijiDemi

Version v4.5.12.1

Affected Versions Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi v4.5.12.1

CWE Classification

CWE-639

References

siberguvenlik.gov.tr /guvenlik-bildirimleri/detay/tr-26-0239

{
    "lastseen": "",
    "description": "Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse.\n\nThis issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0.",
    "published": "2026-05-14T12:24:46.606Z",
    "modified": "2026-05-14T13:48:41.525Z",
    "type": "cve",
    "title": "IDOR in Im Park's DijiDemi",
    "source": "TR-CERT",
    "references": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0239",
    "id": "CVE-2026-6008",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi v4.5.12.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DijiDemi",
    "version": "v4.5.12.1",
    "vendor": "Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}