5 matches found
CVE-2019-25516
The CVE-2019-25516 entry describes an SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V1, exploitable via GET requests to gallery.php with a malicious gallery_id (UNION-based) allowing unauthenticated data extraction. Metrics indicate CVSS v3.1 base score 8.2 (HIGH) and CVSS v4.0 base sco...
CVE-2019-25518
CVE-2019-25518 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. An SQL injection flaw lets unauthenticated attackers inject SQL via the poll parameter in arama.php, enabling extraction or modification of database data. Root cause is unsafely constructed queries exposed to user input. Impact—hig...
CVE-2019-25520
CVE-2019-25520 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. The administrative login in admingiris.php is vulnerable to authentication bypass via improper SQL query validation, enabling unauthenticated attackers to bypass login and access the admin interface. Attackers can submit SQL inject...
CVE-2019-25519
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability in the option parameter of uyelik.php, enabling time-based injections to extract sensitive data via crafted POST requests. Attacker access is described without authentication; CVSS notes high impact on confidentiali...
CVE-2019-25517
The CVE covers Jettweb PHP Hazir Haber Sitesi Scripti V1 with an SQL injection vulnerability in the haberarsiv.php script. The vulnerability is triggered via the cid parameter, allowing unauthenticated attackers to perform UNION-based injections to extract sensitive database information or modify...