← Zuruck zu CVEs
CVE-2019-25512
HIGH8.2
Beschreibung
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
CVE Details
CVSS v3.1 Bewertung8.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/12/2026
Zuletzt geandert3/17/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
jettweb:php_stock_news_site_script
Schwachen (CWE)
CWE-89
Referenzen
https://www.exploit-db.com/exploits/46599(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-sql-injection-2(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.