Description
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Exfiltration via SQL Injection
Action: Patch ASAP
AI Analysis

Impact

Jettweb PHP Hazir Rent A Car Sitesi Script V2 contains a SQL injection vulnerability that permits unauthenticated attackers to inject SQL code into the arac_kategori_id parameter, thereby manipulating database queries. The primary impact is the potential extraction of sensitive database information, compromising the confidentiality of data stored by the application. This weakness aligns with CWE-89 (SQL Injection).

Affected Systems

The affected system is the Jettweb PHP Hazir Rent A Car Sitesi Script version 2, as identified by the CPE cpe:2.3:a:jettweb:php_ready_rent_a_car_site_script:2:*:*:*:*:*:*.* Only the version 2 release is known to be vulnerable; sub‑versions or newer releases are not documented in the data.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score is less than 1%, suggesting a low current exploitation probability. This vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this through unauthenticated HTTP POST requests to the vulnerable endpoint, as the description states that malicious payloads can be injected via the arac_kategori_id parameter. The exploitation requires no pre-authentication and can be performed by any remote actor capable of sending HTTP requests to the application.

Generated by OpenCVE AI on March 17, 2026 at 21:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor's official website or repository for an updated version that addresses the SQL injection vulnerability.
  • If a patch is unavailable, modify the script to sanitize the 'arac_kategori_id' parameter using prepared statements or proper escaping to prevent injection.
  • Restrict the database privileges granted to the web application account to only those necessary for its operation.
  • Enable logging and monitoring of database queries to detect anomalous activity that may indicate exploitation attempts.

Generated by OpenCVE AI on March 17, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Ready Rent A Car Site Script
CPEs cpe:2.3:a:jettweb:php_ready_rent_a_car_site_script:2:*:*:*:*:*:*:*
Vendors & Products Jettweb php Ready Rent A Car Site Script

Sat, 14 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb hazir Rent A Car Sitesi Scripti
Vendors & Products Jettweb
Jettweb hazir Rent A Car Sitesi Scripti

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
Title Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jettweb Hazir Rent A Car Sitesi Scripti Php Ready Rent A Car Site Script
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-14T03:41:02.727Z

Reserved: 2026-02-23T12:15:11.635Z

Link: CVE-2019-25482

cve-icon Vulnrichment

Updated: 2026-03-14T03:40:58.308Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:02.440

Modified: 2026-03-17T20:12:41.860

Link: CVE-2019-25482

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:34Z

Weaknesses