CVE-2019-25515

Name of the Vulnerable Software and Affected Versions Jettweb PHP Hazir Haber Sitesi Scripti versions 3.0 through 3.0

Description The software contains an authentication bypass issue in the login.php administration panel. An unauthenticated attacker can gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials. The API endpoint ''login.php'' is affected.

Recommendations Versions prior to 3.0 should be used.