CVE-2019-25513

Name of the Vulnerable Software and Affected Versions Jettweb PHP Hazir Haber Sitesi Scripti versions 3.0 through 3.0

Description The software contains a SQL injection flaw that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the q parameter. Attackers can send GET requests to the ''datagetir.php'' endpoint with malicious q values, utilizing time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.

Recommendations Versions prior to 3.0 should be used.