Description
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Breach / Denial of Service
Action: Patch Immediately
AI Analysis

Impact

The script contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries via the GET parameters "tur", "id", and "ozellikdil" on the admin/index.php endpoint. Exploiting these flaws enables an attacker to extract sensitive database information or cause a denial of service. The weakness is classified as CWE-89: user input is included directly in SQL statements without proper sanitization.

Affected Systems

The affected product is Jettweb's "Rent A Car Scripti" (PHP ready rent a car site script), version 4, as indicated by the CPE string cpe:2.3:a:jettweb:php_ready_rent_a_car_site_script:4. The vulnerability resides only in the administration panel of this script.

Risk and Exploitability

The CVSS score of 8.8 reflects a high severity, suggesting significant impact if exploited. The EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog, implying no known exploitation to date. Attackers do not need authentication to reach the vulnerable endpoint; the likely attack vector is a remote GET request over the network to /admin/index.php with crafted parameters.

Generated by OpenCVE AI on March 17, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any vendor‑provided patch or update for Jettweb Rent A Car Scripti v4.
  • Restrict access to the admin interface with IP whitelisting, or require a VPN or strong authentication in front of it, so the vulnerable endpoint cannot be reached directly.
  • Deploy a web‑application firewall (WAF) to detect and block common SQL injections on the admin endpoint.
  • Monitor web and database logs for suspicious activity and block offending IP addresses.
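
One way to act on the log-monitoring recommendation, as an added example that is not OpenCVE's or the vendor's code: it flags requests to admin/index.php whose 'tur', 'id' or 'ozellikdil' values fall outside an allow-list. The allow-list pattern, the combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# GET parameters named in the advisory.
WATCHED = ("tur", "id", "ozellikdil")
# Assumption: legitimate values are short identifiers or integers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,32}")
# Client address, request target and status from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation address ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2026:10:01:02 +0000] "GET /admin/index.php?tur=arac&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2026:10:01:05 +0000] "GET /admin/index.php?tur=arac&id=12%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [12/Mar/2026:10:01:09 +0000] "GET /admin/index.php?ozellikdil=tr%2527 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/Mar/2026:10:02:00 +0000] "GET /index.php?id=12%27 HTTP/1.1" 200 900',
]

def suspicious_params(target):
    """Return {param: decoded value} for watched params that fail the allow-list."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/admin/index.php"):
        return {}
    # parse_qs percent-decodes once, so a double-encoded value still contains
    # '%' after decoding and is rejected by the allow-list as well.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {name: value
            for name in WATCHED
            for value in query.get(name, [])
            if not SAFE_VALUE.fullmatch(value)}

def scan(lines):
    """Return (client_ip, status, findings) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not an access-log request line
        ip, target, status = match.groups()
        findings = suspicious_params(target)
        if findings:
            hits.append((ip, int(status), findings))
    return hits

if __name__ == "__main__":
    for ip, status, findings in scan(SAMPLE_LOG):
        print(f"{ip} status={status} flagged={findings}")
```

An allow-list is used instead of matching SQL keywords so that encoded or obfuscated values are flagged without maintaining a signature list; tune SAFE_VALUE to the values the admin panel legitimately sends.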


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Ready Rent A Car Site Script
CPEs cpe:2.3:a:jettweb:php_ready_rent_a_car_site_script:4:*:*:*:*:*:*:*
Vendors & Products Jettweb php Ready Rent A Car Site Script

Sat, 14 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb rent A Car Scripti
Vendors & Products Jettweb
Jettweb rent A Car Scripti

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
Title Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-14T03:41:41.844Z

Reserved: 2026-02-24T15:22:13.384Z

Link: CVE-2019-25488

Vulnrichment

Updated: 2026-03-14T03:41:37.278Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:02.623

Modified: 2026-03-17T20:09:32.330

Link: CVE-2019-25488

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:33Z
