Home / Vulnerability Intelligence / CVE-2019-25456

CVE-2019-25456 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: February 23, 2026

Web Ofisi Emlak - SQL Injection

Published: February 22, 2026Updated: February 23, 2026Remote Exploitable

Overview

Web Ofisi Emlak v2 contains an sql injection caused by unsanitized 'ara' GET parameter, letting unauthenticated attackers extract sensitive data or cause denial of service via time-based payloads.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive data or cause denial of service by exploiting SQL injection.

Mitigation

Update to the latest version of Web Ofisi Emlak.

References

https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-ara-parameter
https://www.web-ofisi.com/detay/emlak-scripti-v2.html
https://www.exploit-db.com/exploits/47141

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25456
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N