CVE-2019-25511 HIGH

CVE-2019-25511: Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

Vendor Jettweb
Product Hazir Haber Sitesi Scripti
Weakness CWE-89 · SQLi
Published March 12, 2026
Last update March 12, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.

Key dates

Disclosure timeline

March 12, 2026 CVE published
March 12, 2026 Record updated