Description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a SQL injection flaw in the datagetir.php endpoint of the Jettweb Hazir Haber Sitesi Scripti V3 application. The flaw allows an unauthenticated attacker to inject any SQL code via the 'q' parameter in a GET request, resulting in unintended database queries. This weakness, identified as CWE‑89, can lead to extraction of sensitive database information and, if credentials or privileged data are accessed, can enable further compromise of the underlying system.

Affected Systems

Affected product: Jettweb Hazir Haber Sitesi Scripti V3. No specific sub‑versions are listed; the CVE does not specify which version numbers are affected, so any installation presenting the datagetir.php endpoint may be vulnerable.

Risk and Exploitability

The CVSS score of 8.8 denotes high severity. The EPSS indicates an exploitation probability of less than one percent, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires only a remote HTTP GET request to datagetir.php without authentication; based on the description it is inferred that attackers can use time‑based blind SQL injection to retrieve data. The attack vector is web‑based and accessible to any user who can reach the affected endpoint.

Generated by OpenCVE AI on March 17, 2026 at 22:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or support portal for an updated version of Jettweb Hazir Haber Sitesi Scripti that addresses the SQL injection flaw, and apply the patch to all installations immediately.
  • If no patch is available, restrict access to datagetir.php by moving the script outside the web root, using .htaccess or firewall rules to allow only trusted IP addresses, or deactivating the script entirely.
  • Deploy a web application firewall that filters suspicious SQL patterns on the 'q' parameter, and monitor logs for signs of injection attempts.
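
The log-monitoring step above can be sketched as a small access-log scan for requests to datagetir.php whose 'q' value carries SQL tokens. This is an added example, not code from OpenCVE or the vendor. It assumes Apache combined log format, and the function names, token list and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines in Apache combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2026:10:01:02 +0000] "GET /datagetir.php?q=ekonomi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2026:10:01:09 +0000] "GET /datagetir.php?q=1%27%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2026:10:01:20 +0000] "GET /datagetir.php?q=x%2527%2520OR%2520SLEEP%25283%2529 HTTP/1.1" 200 0 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2026:10:02:00 +0000] "GET /index.php?q=sleep(5) HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

# Heuristic tokens (an assumption); tune against legitimate search terms.
SUSPICIOUS = re.compile(r"""
      \b(sleep|benchmark|pg_sleep)\s*\(   # time-delay functions
    | \bwaitfor\s+delay\b                 # T-SQL delay statement
    | \bunion\b.+\bselect\b               # UNION-based extraction
    | ['"]\s*(or|and)\b                   # quote followed by a boolean operator
""", re.IGNORECASE | re.VERBOSE)

def fully_decode(value, rounds=3):
    """Undo nested URL encoding (e.g. %2527) so one decode pass cannot hide tokens."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(log_text):
    """Return (client_ip, decoded_q) for datagetir.php requests with SQL tokens in 'q'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/datagetir.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("q", []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((ip, value))
    return hits

if __name__ == "__main__":
    for ip, q in find_suspicious(SAMPLE_LOG):
        print(f"{ip}\tq={q!r}")
```

The third sample line is double-encoded, so a single decoding pass would leave it looking benign; the repeated decode is what exposes it.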

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Stock News Site Script
CPEs cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:*
Vendors & Products Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb hazir Haber Sitesi Scripti
Vendors & Products Jettweb
Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
Title Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection via datagetir.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T18:59:10.942Z

Reserved: 2026-03-12T13:48:49.203Z

Link: CVE-2019-25513

Vulnrichment

Updated: 2026-03-12T18:59:03.264Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:03.710

Modified: 2026-03-17T19:53:14.243

Link: CVE-2019-25513

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:29Z
