CVE-2019-25514 HIGH

CVE-2019-25514: Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

Vendor Jettweb

Product Hazir Haber Sitesi Scripti

Weakness CWE-89 · SQLi

Published March 12, 2026

Last update March 12, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.

Key dates

Disclosure timeline

March 12, 2026 CVE published

March 12, 2026 Record updated