Description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Exposure
Action: Immediate Patch
AI Analysis

Impact

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains a SQL injection flaw that allows an unauthenticated attacker to inject SQL code into the videoid parameter of fonksiyonlar.php. By crafting a GET request that includes UNION-based injection syntax, an attacker can cause the application to return sensitive information from the database, potentially exposing confidential data and undermining data integrity.

Affected Systems

The vulnerability affects installations of the Jettweb Hazir Haber Sitesi Scripti product. Version details are not supplied in the advisory, so all deployed editions should be assumed at risk until a vendor update is confirmed.

Risk and Exploitability

The CVSS score of 8.8 reflects high severity. An EPSS score of less than 1% indicates a low current exploitation likelihood. The flaw is remotely exploitable over the network without authentication, using standard HTTP GET requests to fonksiyonlar.php. It is not listed in the CISA KEV catalog, but the ability to extract database contents makes it a critical risk if left unpatched.

Generated by OpenCVE AI on March 20, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Jettweb website or contact the vendor for an official patch and apply it immediately.
  • If no patch is available, restrict public access to fonksiyonlar.php or limit the videoid parameter to trusted users only.
  • Implement input validation that accepts only numeric values for videoid before the query is constructed.
  • Monitor application logs for suspicious GET requests to fonksiyonlar.php and investigate any anomalies.
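As an added illustration of the last two actions (example code, not part of the advisory or of the Jettweb script), this Python snippet applies the numeric allow-list the advisory recommends for videoid and runs that same check over constructed Apache-style access-log lines, flagging requests to fonksiyonlar.php whose videoid would not pass it; the log lines, addresses and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [13/Mar/2026:10:01:02 +0000] "GET /fonksiyonlar.php?videoid=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [13/Mar/2026:10:01:05 +0000] "GET /fonksiyonlar.php?videoid=42%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.12 - - [13/Mar/2026:10:01:07 +0000] "GET /fonksiyonlar.php?videoid=-1+union+all+select+null,null HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.13 - - [13/Mar/2026:10:01:09 +0000] "GET /index.php?videoid=abc HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The allow-list the application should enforce before building its query:
# an unsigned integer and nothing else (no sign, spaces, quotes or keywords).
NUMERIC_ID = re.compile(r"\d{1,10}")


def videoid_is_valid(value: str) -> bool:
    """Return True only when videoid is a plain unsigned integer."""
    return NUMERIC_ID.fullmatch(value) is not None


def suspicious_requests(log_text: str):
    """List (ip, timestamp, decoded videoid) for every request to fonksiyonlar.php
    whose videoid fails the numeric allow-list."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group("target"))
        if url.path.rsplit("/", 1)[-1].lower() != "fonksiyonlar.php":
            continue  # only the endpoint named in the advisory is of interest here
        # parse_qs already percent-decodes; decode once more to catch double-encoded values.
        for raw in parse_qs(url.query, keep_blank_values=True).get("videoid", []):
            value = unquote_plus(raw)
            if not videoid_is_valid(value):
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} videoid={value!r}")
```

Feeding a real access log through suspicious_requests() gives the short list of requests worth investigating; anything that reaches the flagged list is also exactly what the input-validation step should have rejected.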


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jettweb php Stock News Site Script
CPEs | | cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:*
Vendors & Products | | Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jettweb; Jettweb hazir Haber Sitesi Scripti
Vendors & Products | | Jettweb; Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type | Values Removed | Values Added
Description | | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
Title | | Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
Metrics | | cvssV4_0 {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:29:57.603Z

Reserved: 2026-03-12T13:47:50.173Z

Link: CVE-2019-25511

Vulnrichment

Updated: 2026-03-12T16:29:53.790Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:03.337

Modified: 2026-03-17T19:58:06.643

Link: CVE-2019-25511

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:55:09Z

Weaknesses