Key detail from CVE description: Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. The vulnerability is a classic SQL injection where attackers can submit payloads in the username and password fields of admingiris.php, bypassing authentication and obtaining full administrative privileges. This results in the ability to modify content, alter configuration, and potentially compromise site availability and integrity. Reference: https://www.exploit-db.com/exploits/46598

Affected by the vendor/product Jettweb: Hazir Haber Sitesi Scripti V2 as listed under the CNA. The associated CPE string cpe:2.3:a:jettweb:php_stock_news_site_script:2:*:*:*:*:*:*:* indicates that any minor revision of the major V2 release is vulnerable. No specific sub‑version details are provided, so all 2.x releases should be considered at risk.

The CVSS score of 8.8 denotes high severity. The EPSS score is below 1%, indicating a low likelihood of current exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the publicly exposed web administration login page (admingiris.php), inferred from its description as an externally accessible script. Exploitation requires only basic SQL injection skill, no special network configuration or credentials, and can be performed by any unauthenticated attacker who can reach the login page.