CVE-2019-25458

Name of the Vulnerable Software and Affected Versions Web Ofisi Firma Rehberi version 1

Description The software contains an SQL injection flaw. Unauthenticated attackers can manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests with malicious payloads in the il, kat, or kelime parameters to extract sensitive database information or perform time-based blind SQL injection attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.