Description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch Now
AI Analysis

Impact

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection flaw that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter in haberarsiv.php. The vulnerability is a classic SQL injection weakness (CWE-89) and can lead to extraction of sensitive data or modification of database contents, potentially compromising confidentiality, integrity, and availability of the site’s information. According to the vendor description, the flaw is caused by improper validation of the cid input, enabling UNION-based injection to read or alter data.

Affected Systems

The affected system is the Jettweb Hazir Haber Sitesi Script v1. The product is identified by the CPE string cpe:2.3:a:jettweb:php_stock_news_site_script:1.*. No additional version information is supplied beyond the major revision 1.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity with a high impact. The EPSS score of <1% suggests that the likelihood of exploitation in the near term is low, and the vulnerability is not listed in the CISA KEV catalog, implying it is not known to be actively exploited in widespread attacks. Attackers would perform the exploit by sending HTTP requests directly to haberarsiv.php with a malicious cid value; no authentication is required.

Generated by OpenCVE AI on March 17, 2026 at 21:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or support channels for a security patch or updated version of Hazir Haber Sitesi Script that addresses the SQL injection issue.
  • If a patch is unavailable, implement input sanitization for the cid parameter by validating it against an allowed list of numeric values or by using parameterized queries (prepared statements).
  • Configure the web server or application firewall to block requests containing suspicious SQL keywords (e.g., UNION, SELECT, INSERT) specifically targeting haberarsiv.php.
  • Monitor HTTP access logs for anomalous cid values or repeated injection attempts and alert administrators to suspicious activity.
  • Plan a migration to a newer, supported version of the script or a different CMS platform to eliminate the vulnerability entirely.
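The log-monitoring and numeric allow-list actions above can be combined into one check. The following is an added example, not code from OpenCVE or the vendor; it assumes the Apache/nginx "combined" access log format and that a legitimate cid is a short decimal integer, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)
SCRIPT = "haberarsiv.php"             # endpoint named in the advisory
PARAM = "cid"                         # parameter named in the advisory
NUMERIC = re.compile(r"[0-9]{1,10}")  # assumed shape of a legitimate cid

def check_line(line):
    """Return (client_ip, bad_values) when a request to SCRIPT carries a
    cid that is not a plain integer; otherwise return None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/" + SCRIPT):
        return None
    # parse_qs URL-decodes values and keeps repeated parameters as a list,
    # so a benign first cid cannot hide a second, malformed one.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    bad = [v for v in values if not NUMERIC.fullmatch(v)]
    return (m.group("ip"), bad) if bad else None

def scan(lines):
    """Count requests with a non-numeric cid per client IP."""
    hits = Counter()
    for line in lines:
        result = check_line(line)
        if result:
            hits[result[0]] += 1
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Mar/2026:10:00:01 +0000] "GET /haberarsiv.php?cid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Mar/2026:10:00:05 +0000] "GET /haberarsiv.php?cid=12%27 HTTP/1.1" 500 312 "-" "curl/8.5.0"',
    '203.0.113.7 - - [17/Mar/2026:10:00:06 +0000] "GET /haberarsiv.php?cid=12+UNION+SELECT+1 HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.4 - - [17/Mar/2026:10:01:00 +0000] "GET /index.php?cid=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [17/Mar/2026:10:01:02 +0000] "GET /haberarsiv.php?cid=7&cid=x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in scan(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} request(s) with non-numeric {PARAM}")
```

The same pattern (`[0-9]{1,10}`) is what a server-side allow-list check on cid would enforce before the value reaches a query.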


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jettweb php Stock News Site Script
CPEs | | cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:*
Vendors & Products | | Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jettweb; Jettweb hazir Haber Sitesi Scripti
Vendors & Products | | Jettweb; Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type | Values Removed | Values Added
Description | | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.
Title | | Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
Metrics | | cvssV4_0 {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T18:50:42.310Z

Reserved: 2026-03-12T13:51:47.957Z

Link: CVE-2019-25517

Vulnrichment

Updated: 2026-03-12T18:50:37.062Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:04.430

Modified: 2026-03-17T20:41:12.160

Link: CVE-2019-25517

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:25Z

Weaknesses