CVE-2019-25462

Name of the Vulnerable Software and Affected Versions Web Ofisi Rent a Car version 3

Description The software contains an SQL injection flaw. Unauthenticated attackers can manipulate database queries by injecting SQL code through the klima parameter. Attackers can send GET requests with malicious klima values to extract sensitive database information or cause a denial of service. The vulnerable API endpoint is not specified.

Recommendations Apply any available updates to address the issue. As a temporary workaround, sanitize or validate the klima parameter to prevent SQL injection attacks.