Home / Vulnerability Intelligence / CVE-2019-25488

CVE-2019-25488 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 12, 2026

Jettweb Hazir Rent A Car Scripti - SQL Injection

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Jettweb Hazir Rent A Car Scripti V4 contains multiple sql injection vulnerabilities caused by unsanitized GET parameters 'tur', 'id', and 'ozellikdil' in admin/index.php, letting unauthenticated attackers extract sensitive data or cause denial of service.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information or cause denial of service, potentially compromising the entire database.

Mitigation

Update to the latest version that patches these SQL injection vulnerabilities.

References

https://www.exploit-db.com/exploits/46614
https://www.vulncheck.com/advisories/jettweb-hazir-rent-a-car-scripti-v4-sql-injection-via-admin

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25488
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N