{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25482", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-23T12:15:11.635Z", "datePublished": "2026-03-12T15:36:40.629Z", "dateUpdated": "2026-03-14T03:41:02.727Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:36:40.629Z"}, "datePublic": "2019-03-28T00:00:00.000Z", "title": "Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection", "descriptions": [{"lang": "en", "value": "Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Jettweb", "product": "Hazir Rent A Car Sitesi Scripti", "versions": [{"version": "2.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46624", "name": "ExploitDB-46624", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-rent-a-car-sitesi-scripti-v2-sql-injection"}], "credits": [{"lang": "en", "value": "Ahmet \u00dcmit BAYRAM", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-14T03:40:48.336647Z", "id": "CVE-2019-25482", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-14T03:41:02.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25482", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-14T03:40:48.336647Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-14T03:40:58.308Z"}}], "cna": {"title": "Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection", "credits": [{"lang": "en", "type": "finder", "value": "Ahmet \u00dcmit BAYRAM"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Jettweb", "product": "Hazir Rent A Car Sitesi Scripti", "versions": [{"status": "affected", "version": "2.0"}]}], "datePublic": "2019-03-28T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46624", "name": "ExploitDB-46624", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-rent-a-car-sitesi-scripti-v2-sql-injection", "name": "VulnCheck Advisory: Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:36:40.629Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25482", "state": "PUBLISHED", "dateUpdated": "2026-03-14T03:41:02.727Z", "dateReserved": "2026-02-23T12:15:11.635Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-12T15:36:40.629Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jettweb:php_ready_rent_a_car_site_script:2:*:*:*:*:*:*:*", "matchCriteriaId": "159B529E-2189-4C4B-914E-40721677A296", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information."}, {"lang": "es", "value": "Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contiene una vulnerabilidad de inyecci\u00f3n SQL que permite a atacantes no autenticados manipular consultas de base de datos inyectando c\u00f3digo SQL a trav\u00e9s del par\u00e1metro arac_kategori_id. Los atacantes pueden enviar solicitudes POST al endpoint con cargas \u00fatiles SQL maliciosas para extraer informaci\u00f3n sensible de la base de datos."}], "id": "CVE-2019-25482", "lastModified": "2026-03-17T20:12:41.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-12T16:16:02.440", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46624"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-rent-a-car-sitesi-scripti-v2-sql-injection"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.0,2.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Hazir Rent A Car Sitesi Scripti", "source": "cna", "vendor": "Jettweb"}, "product": "hazir_rent_a_car_sitesi_scripti", "vendor": "jettweb"}], "analysis": {"en": {"generated_at": "2026-03-17T21:53:34.335102+00:00", "value": {"mitigation_remediation": ["Check the vendor's official website or repository for an updated version that addresses the SQL injection vulnerability.", "If a patch is unavailable, modify the script to sanitize the 'arac_kategori_id' parameter using prepared statements or proper escaping to prevent injection.", "Restrict the database privileges granted to the web application account to only those necessary for its operation.", "Enable logging and monitoring of database queries to detect anomalous activity that may indicate exploitation attempts."], "summary": {"action": "Patch ASAP", "impact": "Data Exfiltration via SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected system is the Jettweb PHP Hazir Rent A Car Sitesi Script version 2, as identified by the CPE cpe:2.3:a:jettweb:php_ready_rent_a_car_site_script:2:*:*:*:*:*:*.* Only the version 2 release is known to be vulnerable; sub\u2011versions or newer releases are not documented in the data.", "description_and_impact": "Jettweb PHP Hazir Rent A Car Sitesi Script V2 contains a SQL injection vulnerability that permits unauthenticated attackers to inject SQL code into the arac_kategori_id parameter, thereby manipulating database queries. The primary impact is the potential extraction of sensitive database information, compromising the confidentiality of data stored by the application. This weakness aligns with CWE-89 (SQL Injection).", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score is less than 1%, suggesting a low current exploitation probability. This vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this through unauthenticated HTTP POST requests to the vulnerable endpoint, as the description states that malicious payloads can be injected via the arac_kategori_id parameter. The exploitation requires no pre-authentication and can be performed by any remote actor capable of sending HTTP requests to the application."}}}}, "created": "2026-03-13T09:52:57.628711+00:00", "updated": "2026-03-20T15:49:34.780148+00:00", "vendors": ["jettweb", "jettweb$PRODUCT$hazir_rent_a_car_sitesi_scripti"]}