Home / Vulnerability Intelligence / CVE-2019-25520

CVE-2019-25520 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 12, 2026

Jettweb PHP Hazir Haber Sitesi Scripti - Authentication Bypass

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass caused by SQL injection in the admingiris.php login form, letting unauthenticated attackers gain administrative access, exploit requires crafted SQL injection payloads.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can bypass authentication and gain full administrative access to the system.

Mitigation

Update to the latest version with proper SQL query validation or apply patches to fix SQL injection.

References

https://www.exploit-db.com/exploits/46597
https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v1-authentication-bypass

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25520
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N