Description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection leading to data breach
Action: Apply patch
AI Analysis

Impact

The vulnerability exists in Jettweb PHP Hazir Haber Sitesi Scripti V1 and allows attackers to inject arbitrary SQL through the poll parameter in arama.php. By sending crafted POST requests, an attacker can read sensitive data from the database, modify records, or delete information, thereby compromising confidentiality and integrity. The weakness is classified as CWE-89 (SQL Injection).

Affected Systems

Affected systems include the Jettweb Hazir Haber Sitesi Scripti version 1, as identified by the CPE cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:* and the vendor’s product listing.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. The EPSS score is reported as less than 1%, suggesting low current exploitation likelihood, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires only a POST request to arama.php with an injected payload, and no authentication is required, making the attack vector remote and publicly reachable. This aligns with the vendor description stating that unauthenticated attackers can manipulate database queries.

Generated by OpenCVE AI on March 17, 2026 at 21:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the vendor’s updated version of the script if available
  • If an update is not available, restrict access to arama.php so that only authenticated users can interact with it
  • Implement input sanitization or parameterized queries to neutralize SQL injection attempts
  • Deploy a Web Application Firewall that flags and blocks suspicious SQL patterns
  • Monitor database activity for unexpected query patterns and audit logs regularly

Generated by OpenCVE AI on March 17, 2026 at 21:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Stock News Site Script
CPEs cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:*
Vendors & Products Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb hazir Haber Sitesi Scripti
Vendors & Products Jettweb
Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
Title Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jettweb Hazir Haber Sitesi Scripti Php Stock News Site Script
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T18:48:39.515Z

Reserved: 2026-03-12T13:52:30.001Z

Link: CVE-2019-25518

cve-icon Vulnrichment

Updated: 2026-03-12T18:48:34.691Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:04.610

Modified: 2026-03-17T20:33:38.320

Link: CVE-2019-25518

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:24Z

Weaknesses