A-Emlak Pro SQL Injection and Database Disclosure

Report ID: SA200900212
Source: Unknown
Date of Discovery: 07.01.2009
Criticality: Moderate
Affects: A-Emlak Pro

Compromise From: From remote
Compromise Type: Manipulation of data; Exposure of sensitive information

Summary

A vulnerability and a security issue have been reported in A-Emlak Pro, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.

Detailed Description

1) Input passed to the "kadi" parameter in panel/-.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) The "acc.mdb" database file is stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. user names, e-mail addresses and password hashes) by downloading the file.

Solution

Edit the source code to ensure that input is properly sanitised.
Move the database file out of the web root.
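
The two fixes above can be combined in one classic ASP lookup. This is an added example, not code from A-Emlak Pro or from the original report. The table name "uyeler", the column "sifre", the 50-character limit and the path D:\appdata\aemlak are assumptions made for illustration.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

' Assumption: acc.mdb now lives outside the web root, so IIS cannot
' serve it as a download. The directory is a placeholder.
Const DB_PATH = "D:\appdata\aemlak\acc.mdb"
Const MAX_KADI_LEN = 50   ' assumed maximum user name length

' Returns the stored password hash for kadi, or Empty if no row matches.
Function LookupUserHash(ByVal kadi)
    Dim conn, cmd, rs
    LookupUserHash = Empty

    ' Reject values that cannot be a user name before touching the database.
    If Len(kadi) = 0 Or Len(kadi) > MAX_KADI_LEN Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DB_PATH

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' Pattern this replaces (hypothetical): building the statement with
    '   "... WHERE kadi = '" & Request("kadi") & "'"
    ' The ? placeholder keeps kadi as data; it is never parsed as SQL.
    cmd.CommandText = "SELECT sifre FROM uyeler WHERE kadi = ?"
    cmd.Parameters.Append cmd.CreateParameter("kadi", adVarWChar, _
        adParamInput, MAX_KADI_LEN, kadi)

    Set rs = cmd.Execute
    If Not rs.EOF Then LookupUserHash = rs.Fields("sifre").Value

    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function

Dim storedHash
storedHash = LookupUserHash(Request("kadi"))
%>
```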