Description
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection – Data Leakage
Action: Immediate Patch
AI Analysis

Impact

Jettweb Php Hazir Ilan Sitesi Scripti V2 has a critical SQL injection flaw that exists in the katgetir.php endpoint. Unauthenticated attackers can inject arbitrary SQL through the 'kat' GET parameter, enabling them to manipulate queries and extract sensitive data. The vulnerability falls under CWE-89 and can lead to loss of confidentiality by exposing database contents.

Affected Systems

The flaw affects Jettweb's Ready Advertisement Site Script version 2, as identified by the cpe:2.3:a:jettweb:php_ready_advertisement_site_script:2. The vulnerable endpoint is katgetir.php. No specific sub-versions are listed; the impact applies to all installations of the v2 script that have not applied a patch.

Risk and Exploitability

The CVSS score of 8.8 classifies this issue as High severity, while the EPSS score of less than 1% suggests a low predicted exploitation likelihood. The vulnerability is not included in the CISA KEV catalogue. An attacker simply needs network access to the web server hosting the script and can send a crafted GET request to katgetir.php; no authentication is required. Given the ease of exploitation and the potential for data exposure, administrators should treat this as a high-priority risk.

Generated by OpenCVE AI on March 17, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-provided patch or upgrade to a corrected version of Jettweb's Ready Advertisement Site Script.
  • If a patch is unavailable, restrict web access to katgetir.php by configuring firewall rules or .htaccess directives to limit requests to trusted IP ranges.
  • As a temporary measure, implement input validation or use parameterized queries to sanitize the 'kat' parameter.
  • Monitor web server logs for anomalous GET requests to katgetir.php and review database access patterns.
  • Check the vendor's official website or support channels for any security advisories or updates.

Generated by OpenCVE AI on March 17, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Ready Advertisement Site Script
CPEs cpe:2.3:a:jettweb:php_ready_advertisement_site_script:2:*:*:*:*:*:*:*
Vendors & Products Jettweb php Ready Advertisement Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb hazir Ilan Sitesi Scripti
Vendors & Products Jettweb
Jettweb hazir Ilan Sitesi Scripti

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
Title Jettweb Php Hazir Ilan Sitesi Scripti V2 SQL Injection via katgetir.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jettweb Hazir Ilan Sitesi Scripti Php Ready Advertisement Site Script
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:25:46.320Z

Reserved: 2026-03-12T13:43:57.681Z

Link: CVE-2019-25508

cve-icon Vulnrichment

Updated: 2026-03-12T16:25:42.575Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:02.807

Modified: 2026-03-17T20:05:11.250

Link: CVE-2019-25508

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:33Z

Weaknesses