This vulnerability involves improper neutralization of special elements in SQL commands within TeconceTheme Uroan Core, enabling Blind SQL Injection attacks. It affects all versions up to 1.4.4. The attack vector is network-based with no privileges or user interaction needed. Successful exploitation can lead to high confidentiality impact by allowing attackers to extract data from the backend database. The vulnerability is classified as critical with a CVSS 3.1 score of 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). There is no vendor advisory or patch information currently available.

An attacker can exploit this vulnerability remotely without authentication or user interaction to perform Blind SQL Injection, potentially extracting sensitive information from the database. The integrity and availability impacts are low, but confidentiality impact is high. This could lead to significant data exposure in affected deployments.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider applying any recommended workarounds from the vendor or restricting access to the affected application to trusted networks only. Monitor for updates from TeconceTheme regarding patches or mitigations.