Description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Theft & Database Modification
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a classic SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V3, where attackers can exploit the 'kelime' parameter in POST requests with UNION-based payloads to read or modify database data. This flaw is identified as CWE-89 and carries a high CVSS score of 8.8, indicating a significant threat to confidentiality and integrity.

Affected Systems

Affected systems are the Jettweb PHP Stock News Site Script V3. The CPE identifier cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:* indicates that all instances of the v3 release are vulnerable. No specific sub‑version data is listed, so any deployment of version 3 should be considered at risk.

Risk and Exploitability

The vulnerability is high severity (CVSS 8.8) but its EPSS score is lower than 1%, implying that active exploitation is currently rare. The attack requires network access to the web application: an attacker must send a crafted POST request to the endpoint that processes the 'kelime' parameter. No patch or workaround is listed in the CVE record; the flaw is not included in the CISA KEV catalog. The main risk is the potential extraction of sensitive database content or unauthorized modification of records, which could lead to data breach and integrity damage.

Generated by OpenCVE AI on March 17, 2026 at 21:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check vendor’s website for patches or updates to Jettweb PHP Stock News Site Script V3
  • Apply vendor patch immediately when released
  • Limit or block access to the vulnerable endpoint handling the kelime parameter
  • Implement input validation or parameterized queries to prevent SQL injection
  • Use a web application firewall to detect and block UNION-based injection attempts
  • Monitor application logs for suspicious POST requests targeting kelime

Generated by OpenCVE AI on March 17, 2026 at 21:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Stock News Site Script
CPEs cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:*
Vendors & Products Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb hazir Haber Sitesi Scripti
Vendors & Products Jettweb
Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
Title Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jettweb Hazir Haber Sitesi Scripti Php Stock News Site Script
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:30:38.755Z

Reserved: 2026-03-12T13:48:16.947Z

Link: CVE-2019-25512

cve-icon Vulnrichment

Updated: 2026-03-12T16:30:32.989Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:03.517

Modified: 2026-03-17T19:55:37.327

Link: CVE-2019-25512

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:30Z

Weaknesses