CVE-2019-25455 HIGH

CVE-2019-25455: Web Ofisi E-Ticaret v3 SQL Injection via ara.html

Vendor Web-Ofisi

Product Ticaret

Weakness CWE-89 · SQLi

Published February 22, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.

Key dates

02Disclosure timeline

February 22, 2026 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25455

Related vulnerabilities

04Related CVE

CVE-2025-54060 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint CVE-2025-0308 Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection CVE-2015-10037 ACI_Escola sql injection CVE-2018-25165 Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php CVE-2025-9463 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter