Lucene search
K
JettwebPhp Stock News Site Script1

5 matches found

CVE
CVE
added 2026/03/12 3:36 p.m.10 views

CVE-2019-25516

The CVE-2019-25516 entry describes an SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V1, exploitable via GET requests to gallery.php with a malicious gallery_id (UNION-based) allowing unauthenticated data extraction. Metrics indicate CVSS v3.1 base score 8.2 (HIGH) and CVSS v4.0 base sco...

8.8CVSS5.9AI score0.00439EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.9 views

CVE-2019-25518

CVE-2019-25518 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. An SQL injection flaw lets unauthenticated attackers inject SQL via the poll parameter in arama.php, enabling extraction or modification of database data. Root cause is unsafely constructed queries exposed to user input. Impact—hig...

8.8CVSS5.9AI score0.0036EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.9 views

CVE-2019-25520

CVE-2019-25520 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. The administrative login in admingiris.php is vulnerable to authentication bypass via improper SQL query validation, enabling unauthenticated attackers to bypass login and access the admin interface. Attackers can submit SQL inject...

9.8CVSS5.8AI score0.00432EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.8 views

CVE-2019-25519

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability in the option parameter of uyelik.php, enabling time-based injections to extract sensitive data via crafted POST requests. Attacker access is described without authentication; CVSS notes high impact on confidentiali...

8.8CVSS6AI score0.00265EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.7 views

CVE-2019-25517

The CVE covers Jettweb PHP Hazir Haber Sitesi Scripti V1 with an SQL injection vulnerability in the haberarsiv.php script. The vulnerability is triggered via the cid parameter, allowing unauthenticated attackers to perform UNION-based injections to extract sensitive database information or modify...

8.8CVSS5.9AI score0.00451EPSS