CVE-2019-25488 HIGH

CVE-2019-25488: Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin

Vendor Jettweb
Product Rent A Car Scripti
Weakness CWE-89 · SQLi
Published March 12, 2026
Last update March 14, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.

Key dates

02Disclosure timeline

March 12, 2026 CVE published
March 14, 2026 Record updated