Description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass / Administrative Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability in Jettweb's PHP Hazir Haber Sitesi Script version 1 allows an unauthenticated user to gain administrative access by exploiting improper SQL query validation. The flaw is specifically an SQL injection in the username and password fields of the admingiris.php login form, enabling attackers to bypass authentication and control the administrative interface. This weakness is identified as CWE-89 (SQL Injection).

Affected Systems

The affected product is Jettweb: Hazir Haber Sitesi Script v1, as indicated by the CPE string cpe:2.3:a:jettweb:php_stock_news_site_script:1 and the vendor/product listing. Versions beyond v1 are not specifically listed as affected.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score is reported as less than 1%, suggesting that exploitation probability is currently low. The vulnerability is not present in CISA's Known Exploited Vulnerabilities catalog. Based on the description, the likely attack vector is remote access via the publicly reachable admingiris.php login form, where an attacker can submit crafted SQL payloads to bypass authentication. No official workaround or patch is documented, so the risk remains significant for exposed installations.

Generated by OpenCVE AI on March 17, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or upgrade to a fixed version of Jettweb PHP Hazir Haber Sitesi Script
  • If a patch is not available, restrict access to the admin panel using IP filtering, network segmentation, or a firewall rule
  • As a temporary measure, enforce basic authentication or additional access controls on the admingiris.php endpoint
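Because no vendor fix is published, the code-level remediation for this class of bug is worth spelling out. The block below is an added illustration, not the Jettweb script's own code (its source is not on this page): it shows the string-built login query that CWE-89 refers to beside a parameterized replacement. Table and column names (admins, username, password_hash), the session key and the connection details are assumed.

```php
<?php
// Added illustration, not the Jettweb script's own code (its source is not
// on this page). Table and column names (admins, username, password_hash),
// the session key and the connection details are assumed for the example.

// VULNERABLE pattern (CWE-89): the submitted username and password are
// spliced into the SQL text, so input containing quote characters changes
// the structure of the WHERE clause instead of being compared as data.
// Whether a row comes back then depends on the shape of the input, not on
// knowing a valid credential.
function login_vulnerable(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM admins WHERE username = '$user' AND password = '$pass'";
    $res = $db->query($sql);
    return $res !== false && $res->fetch(PDO::FETCH_ASSOC) !== false;
}

// HARDENED form: a prepared statement keeps the input as a bound value, the
// password is verified against a stored hash in PHP rather than compared
// inside SQL, and the session id is rotated once the login succeeds.
function login_hardened(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM admins WHERE username = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user is unknown so that the
    // response time does not reveal which usernames exist.
    $hash = $row['password_hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    if (!password_verify($pass, $hash) || $row === false) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['admin_id'] = (int) $row['id'];
    return true;
}

// Wiring for the login form (assumed DSN and credentials):
// session_start();
// $pdo = new PDO('mysql:host=localhost;dbname=haber;charset=utf8mb4', 'dbuser', 'dbpass', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,   // use real server-side prepares
// ]);
// if (!login_hardened($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '')) {
//     http_response_code(401);
//     exit('Login failed');
// }
```

The network-level controls listed above still apply while the script itself is unpatched; the prepared statement removes the injection point only for code you can change.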


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Jettweb php Stock News Site Script
CPEs                                  cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:*
Vendors & Products                    Jettweb php Stock News Site Script

Fri, 13 Mar 2026 10:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Jettweb
                                      Jettweb hazir Haber Sitesi Scripti
Vendors & Products                    Jettweb
                                      Jettweb hazir Haber Sitesi Scripti

Thu, 12 Mar 2026 19:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 16:00:00 +0000

Type                 Values Removed   Values Added
Description                           Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
Title                                 Jettweb PHP Hazir Haber Sitesi Scripti V1 Authentication Bypass
Weaknesses                            CWE-89
References
Metrics                               cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
                                      cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T18:43:47.951Z

Reserved: 2026-03-12T13:53:33.910Z

Link: CVE-2019-25520

Vulnrichment

Updated: 2026-03-12T18:43:41.472Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:04.977

Modified: 2026-03-17T20:29:36.400

Link: CVE-2019-25520

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:23Z

Weaknesses