PT-2026-24979 · Jettweb · Hazir Haber Sitesi Scripti+1
Published
2026-03-12
·
Updated
2026-03-12
·
CVE-2019-25519
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jettweb PHP Hazir Haber Sitesi Scripti version 1
Description
The software contains a SQL injection flaw that allows attackers to manipulate database queries. This is achieved by injecting malicious SQL code through the
option parameter. Attackers can send POST requests to the ''uyelik.php'' endpoint with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.Recommendations
Apply input validation and sanitization to the
option parameter in the ''uyelik.php'' endpoint to prevent the injection of malicious SQL code.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hazir Haber Sitesi Scripti
Php Stock News Site Script