CVE-2019-25459 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: February 23, 2026
Web Ofisi Emlak V2 - SQL Injection
Published: February 22, 2026Updated: February 23, 2026Remote Exploitable
Overview
Web Ofisi Emlak V2 contains multiple sql injection vulnerabilities caused by unsanitized GET parameters including emlak_durumu, emlak_tipi, il, ilce, kelime, and semt, letting unauthenticated attackers extract sensitive database information or perform time-based blind SQL injection attacks.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can extract sensitive database information or perform time-based blind SQL injection attacks, potentially compromising the entire database.
Mitigation
Update to the latest version with SQL injection protections or apply input sanitization and parameterized queries.
References
Related Resources
Details
- CVE ID
- CVE-2019-25459
- Severity
- High
- CVSS Score
- 8.2
- Type
- sql_injection
- Status
- unconfirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N