CVE-2019-25513 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: March 12, 2026
Jettweb PHP Hazir Haber Sitesi Scripti - SQL Injection
Published: March 12, 2026Updated: March 12, 2026Remote Exploitable
Overview
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an sql injection caused by unsanitized 'q' parameter in datagetir.php, letting unauthenticated attackers extract sensitive data or bypass authentication via time-based blind SQL injection.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can extract sensitive database information or bypass authentication, compromising data confidentiality and system access.
Mitigation
Update to the latest version of Jettweb PHP Hazir Haber Sitesi Scripti or apply patches that sanitize SQL inputs.
References
Related Resources
Details
- CVE ID
- CVE-2019-25513
- Severity
- High
- CVSS Score
- 8.2
- Type
- sql_injection
- Status
- unconfirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N