11 matches found
CVE-2019-25514
CVE-2019-25514 concerns the Jettweb PHP Hazir Haber Sitesi Scripti V3, which contains an SQL injection vulnerability exposed via the POST parameter kelime . The connected ENISA/EUVD entry confirms that attackers can inject SQL payloads through the kelime parameter (e.g., UNION-based injections) t...
CVE-2019-25513
The CVE-2019-25513 entry affects Jettweb PHP Hazir Haber Sitesi Scripti V3. An SQL injection flaw exists in the datagetir.php interface via the q parameter, allowing unauthenticated attackers to manipulate database queries using time-based blind techniques to extract data or bypass authentication...
CVE-2019-25515
The connected documents confirm CVE-2019-25515 affects Jettweb PHP Hazir Haber Sitesi Scripti V3, via an authentication bypass in login.php that lets unauthenticated attackers gain administrative access by submitting crafted SQL syntax (e.g., equals signs and 'or' operators). No remediation or pa...
CVE-2019-25516
The CVE-2019-25516 entry describes an SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V1, exploitable via GET requests to gallery.php with a malicious gallery_id (UNION-based) allowing unauthenticated data extraction. Metrics indicate CVSS v3.1 base score 8.2 (HIGH) and CVSS v4.0 base sco...
CVE-2019-25510
CVE-2019-25510 affects Jettweb PHP Hazir Haber Sitesi Scripti V2. The vulnerability is an authentication bypass in the administration panel caused by improper SQL query validation in the admingiris.php login form, enabling unauthenticated attackers to bypass login and access the administrative in...
CVE-2019-25519
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability in the option parameter of uyelik.php, enabling time-based injections to extract sensitive data via crafted POST requests. Attacker access is described without authentication; CVSS notes high impact on confidentiali...
CVE-2019-25511
CVE-2019-25511 describes an SQL injection in the Jettweb PHP Hazir Haber Sitesi Scripti V3. An unauthenticated attacker can manipulate queries by supplying malicious values to the videoid parameter in GET requests to fonksiyonlar.php, using UNION-based injection to exfiltrate data. The CVSS metri...
CVE-2019-25517
The CVE covers Jettweb PHP Hazir Haber Sitesi Scripti V1 with an SQL injection vulnerability in the haberarsiv.php script. The vulnerability is triggered via the cid parameter, allowing unauthenticated attackers to perform UNION-based injections to extract sensitive database information or modify...
CVE-2019-25518
CVE-2019-25518 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. An SQL injection flaw lets unauthenticated attackers inject SQL via the poll parameter in arama.php, enabling extraction or modification of database data. Root cause is unsafely constructed queries exposed to user input. Impact—hig...
CVE-2019-25520
CVE-2019-25520 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. The administrative login in admingiris.php is vulnerable to authentication bypass via improper SQL query validation, enabling unauthenticated attackers to bypass login and access the admin interface. Attackers can submit SQL inject...
CVE-2019-25512
CVE-2019-25512 affects Jettweb PHP Hazir Haber Sitesi Scripti V3. The vulnerability is an SQL injection exploitable through the kelime parameter in POST requests, allowing UNION-based payloads to extract or modify database contents. The reports indicate a NETWORK attack vector with LOW complexity...