CVE-2019-25514 | THREATINT

Description

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.

PUBLISHED Reserved 2026-03-12 | Published 2026-03-12 | Updated 2026-03-12 | Assigner VulnCheck

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

3.0

affected

Credits

Ahmet Ümit BAYRAM finder

References

www.exploit-db.com/exploits/46599 (ExploitDB-46599) exploit

www.vulncheck.com/...haber-sitesi-scripti-v3-sql-injection-3 (VulnCheck Advisory: Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection) third-party-advisory

cve.org (CVE-2019-25514)

nvd.nist.gov (CVE-2019-25514)

Download JSON