CVE-2019-25459

Name of the Vulnerable Software and Affected Versions Web Ofisi Emlak V2 (affected versions not specified)

Description The software contains multiple SQL injection flaws in an endpoint. Unauthenticated attackers can manipulate database queries through GET parameters. Specifically, attackers can inject SQL code into parameters such as emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.