CVE-2019-25459 HIGH

CVE-2019-25459: Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Vendor Web-Ofisi
Product Emlak
Weakness CWE-89 · SQLi
Published February 22, 2026
Last update April 7, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.

Key dates

02Disclosure timeline

February 22, 2026 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-11020 Grand Vice info Webopac7 - SQL Injection CVE-2024-12234 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection CVE-2024-7165 SourceCodester School Fees Payment System view_payment.php sql injection CVE-2025-3429 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' CVE-2025-3318 Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 ShangpinleixingController.java page sql injection