CVE-2019-25515

Description

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.

PUBLISHED Reserved 2026-03-12 | Published 2026-03-12 | Updated 2026-03-12 | Assigner VulnCheck

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Credits

Ahmet Ümit BAYRAM finder

References

www.exploit-db.com/exploits/46599 (ExploitDB-46599) exploit

www.vulncheck.com/...sitesi-scripti-v3-authentication-bypass (VulnCheck Advisory: Jettweb PHP Hazir Haber Sitesi Scripti V3 Authentication Bypass) third-party-advisory

cve.org (CVE-2019-25515)

nvd.nist.gov (CVE-2019-25515)

Download JSON