Description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Breach and Unauthorized Access
Action: Patch ASAP
AI Analysis

Impact

Jettweb PHP Hazir Haber Sitesi Scripti V3 has an SQL injection flaw that is triggered when an attacker supplies a malicious value in the 'kelime' POST parameter. Using UNION-based payloads, an attacker can read confidential database information or bypass authentication controls, leading to possible data breach and unauthorized access. This weakness corresponds to CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').

Affected Systems

The affected product is the Jettweb PHP Stock News Site Script version 3, identified by the CPE cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:*. The vulnerability applies to all builds labeled version 3; no further sub-version granularity is provided.

Risk and Exploitability

The CVSS score of 8.8 denotes high severity. The EPSS score of less than 1% suggests exploitation is currently uncommon but still plausible. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires sending a crafted POST request containing a malicious 'kelime' value; authentication is not needed, implying a direct web‑application attack vector. Even with low exploitation probability, the impact warrants prompt action.

Generated by OpenCVE AI on March 17, 2026 at 22:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or community forums for a patch or update and apply it immediately if available.
  • Until a patch exists, limit the database privileges of the application user to the least required rights.
  • Deploy a web application firewall or equivalent filtering to detect and block SQL-injection patterns targeting the 'kelime' field.


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Jettweb php Stock News Site Script |
| CPEs | | cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:* |
| Vendors & Products | | Jettweb php Stock News Site Script |

Fri, 13 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Jettweb, Jettweb hazir Haber Sitesi Scripti |
| Vendors & Products | | Jettweb, Jettweb hazir Haber Sitesi Scripti |

Thu, 12 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 12 Mar 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls. |
| Title | | Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}, cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T18:57:22.682Z

Reserved: 2026-03-12T13:49:16.712Z

Link: CVE-2019-25514

Vulnrichment

Updated: 2026-03-12T18:57:12.999Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:03.897

Modified: 2026-03-17T19:50:32.980

Link: CVE-2019-25514

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:28Z

Weaknesses