Description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection (CWE‑89) in the 'option' parameter of Jettweb PHP Hazir Haber Sitesi Script v1. Attackers can send crafted POST requests to uyelik.php, causing the application to execute arbitrary SQL statements. This allows the extraction of sensitive database information, leading to unauthorized data access.

Affected Systems

The vulnerability affects installations of Jettweb PHP Hazir Haber Sitesi Script v1. The official product identifier is cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:*, and all V1 instances are considered vulnerable due to the lack of a more granular version requirement in the CNA output.

Risk and Exploitability

The vulnerability has a CVSS score of 8.8, indicating high severity. The EPSS score is below 1 %, indicating that exploitation is not widespread at present, and it is not listed in the CISA KEV catalog. The attack vector is remote, over HTTP POST to uyelik.php, requiring only normal web access permissions to initiate the injection.

Generated by OpenCVE AI on March 17, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for a patched or newer version of the Jettweb PHP Hazir Haber Sitesi Script and apply the update if available.
  • If no patch exists, implement strict input validation on the 'option' parameter, preferably using prepared statements or parameterized queries to prevent SQL injection.
  • Deploy a web application firewall or intrusion detection system to detect and block SQL injection attempts against uyelik.php.
  • Restrict remote access to the script and consider enforcing a whitelist of allowed 'option' parameter values to limit the attack surface.

Generated by OpenCVE AI on March 17, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb php Stock News Site Script
CPEs cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:*
Vendors & Products Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jettweb
Jettweb hazir Haber Sitesi Scripti
Vendors & Products Jettweb
Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.
Title Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jettweb Hazir Haber Sitesi Scripti Php Stock News Site Script
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T18:45:26.122Z

Reserved: 2026-03-12T13:52:56.915Z

Link: CVE-2019-25519

cve-icon Vulnrichment

Updated: 2026-03-12T18:45:20.848Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:04.800

Modified: 2026-03-17T20:30:23.713

Link: CVE-2019-25519

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:24Z

Weaknesses