CVE-2019-25488

🗓️ 12 Mar 2026 15:36:41Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 3 Views🌐 WEB

CVE-2019-25488: SQL injection in Jettweb Hazir Rent A Car Scripti V4 admin via tur, id, and ozellikdil.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2019-25488	12 Mar 202615:36	–	attackerkb
Circl	CVE-2019-25488	12 Mar 202615:16	–	circl
CNNVD	Jettweb Hazir Rent A Car Scripti SQL注入漏洞	12 Mar 202600:00	–	cnnvd
Cvelist	CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin	12 Mar 202615:36	–	cvelist
EUVD	EUVD-2019-19774	12 Mar 202618:30	–	euvd
NVD	CVE-2019-25488	12 Mar 202616:16	–	nvd
Positive Technologies	PT-2026-24967	12 Mar 202600:00	–	ptsecurity
Vulnrichment	CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin	12 Mar 202615:36	–	vulnrichment

NVD

Vulners

Node

jettweb php_ready_rent_a_car_site_scriptMatch4

[
  {
    "vendor": "Jettweb",
    "product": "Rent A Car Scripti",
    "versions": [
      {
        "version": "4.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
exploit-db	www.exploit-db.com/exploits/46614
vulncheck	www.vulncheck.com/advisories/jettweb-hazir-rent-a-car-scripti-v4-sql-injection-via-admin

Parameter	Position	Path	Description	CWE
tur	query param	admin/index.php	SQL injection vulnerability in admin/index.php allowing unauthenticated attackers to modify/extract data via GET parameters; targets tur, id, ozellikdil.	CWE-89
id	query param	admin/index.php	SQL injection vulnerability in admin/index.php allowing unauthenticated attackers to modify/extract data via GET parameters; targets tur, id, ozellikdil.	CWE-89
ozellikdil	query param	admin/index.php	SQL injection vulnerability in admin/index.php allowing unauthenticated attackers to modify/extract data via GET parameters; targets tur, id, ozellikdil.	CWE-89

17 Mar 2026 20:09Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.2 - 9.8

CVSS 48.8

EPSS0.00125

SSVC

CWE-89