5 matches found
CVE-2019-25514
CVE-2019-25514 concerns the Jettweb PHP Hazir Haber Sitesi Scripti V3, which contains an SQL injection vulnerability exposed via the POST parameter kelime . The connected ENISA/EUVD entry confirms that attackers can inject SQL payloads through the kelime parameter (e.g., UNION-based injections) t...
CVE-2019-25513
The CVE-2019-25513 entry affects Jettweb PHP Hazir Haber Sitesi Scripti V3. An SQL injection flaw exists in the datagetir.php interface via the q parameter, allowing unauthenticated attackers to manipulate database queries using time-based blind techniques to extract data or bypass authentication...
CVE-2019-25511
CVE-2019-25511 describes an SQL injection in the Jettweb PHP Hazir Haber Sitesi Scripti V3. An unauthenticated attacker can manipulate queries by supplying malicious values to the videoid parameter in GET requests to fonksiyonlar.php, using UNION-based injection to exfiltrate data. The CVSS metri...
CVE-2019-25515
The connected documents confirm CVE-2019-25515 affects Jettweb PHP Hazir Haber Sitesi Scripti V3, via an authentication bypass in login.php that lets unauthenticated attackers gain administrative access by submitting crafted SQL syntax (e.g., equals signs and 'or' operators). No remediation or pa...
CVE-2019-25512
CVE-2019-25512 affects Jettweb PHP Hazir Haber Sitesi Scripti V3. The vulnerability is an SQL injection exploitable through the kelime parameter in POST requests, allowing UNION-based payloads to extract or modify database contents. The reports indicate a NETWORK attack vector with LOW complexity...