LeakyCreds

CVE-2019-25458 - Vulnerability Analysis

High | CVSS: 8.2

Last Updated: February 23, 2026

Web Ofisi Firma Rehberi - SQL Injection

Published: February 22, 2026 | Updated: February 23, 2026 | Remote Exploitable

Overview

Web Ofisi Firma Rehberi v1 contains a SQL injection vulnerability caused by the unsanitized GET parameters 'il', 'kat', or 'kelime'. It lets unauthenticated attackers extract sensitive database information or perform time-based blind SQL injection attacks.

Severity & Score

Severity: High
CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information or perform blind SQL injection, potentially compromising the entire database.

Mitigation

Update to the latest version with SQL injection mitigations.

Details

CVE ID: CVE-2019-25458
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N