{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25512", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-12T13:48:16.947Z", "datePublished": "2026-03-12T15:36:45.870Z", "dateUpdated": "2026-03-12T16:30:38.755Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:36:45.870Z"}, "datePublic": "2019-03-25T00:00:00.000Z", "title": "Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection", "descriptions": [{"lang": "en", "value": "Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Jettweb", "product": "Hazir Haber Sitesi Scripti", "versions": [{"version": "3.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46599", "name": "ExploitDB-46599", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-sql-injection-2"}], "credits": [{"lang": "en", "value": "Ahmet \u00dcmit BAYRAM", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T16:30:27.589283Z", "id": "CVE-2019-25512", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:30:38.755Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25512", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T16:30:27.589283Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:30:32.989Z"}}], "cna": {"title": "Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection", "credits": [{"lang": "en", "type": "finder", "value": "Ahmet \u00dcmit BAYRAM"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Jettweb", "product": "Hazir Haber Sitesi Scripti", "versions": [{"status": "affected", "version": "3.0"}]}], "datePublic": "2019-03-25T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46599", "name": "ExploitDB-46599", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-sql-injection-2", "name": "VulnCheck Advisory: Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:36:45.870Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25512", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:30:38.755Z", "dateReserved": "2026-03-12T13:48:16.947Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-12T15:36:45.870Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:*", "matchCriteriaId": "191096BE-02D9-4CA6-8441-543440DEF55C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents."}, {"lang": "es", "value": "Jettweb PHP Hazir Haber Sitesi Scripti V3 contiene una vulnerabilidad de inyecci\u00f3n SQL que permite a los atacantes inyectar comandos SQL maliciosos a trav\u00e9s del par\u00e1metro kelime en solicitudes POST. Los atacantes pueden manipular el par\u00e1metro kelime con cargas \u00fatiles de inyecci\u00f3n SQL basadas en UNION para extraer informaci\u00f3n sensible de la base de datos o modificar el contenido de la base de datos."}], "id": "CVE-2019-25512", "lastModified": "2026-03-17T19:55:37.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-12T16:16:03.517", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46599"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-sql-injection-2"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Hazir Haber Sitesi Scripti", "source": "cna", "vendor": "Jettweb"}, "product": "hazir_haber_sitesi_scripti", "vendor": "jettweb"}], "analysis": {"en": {"generated_at": "2026-03-17T21:44:19.946162+00:00", "value": {"mitigation_remediation": ["Check vendor\u2019s website for patches or updates to Jettweb PHP Stock News Site Script V3", "Apply vendor patch immediately when released", "Limit or block access to the vulnerable endpoint handling the kelime parameter", "Implement input validation or parameterized queries to prevent SQL injection", "Use a web application firewall to detect and block UNION-based injection attempts", "Monitor application logs for suspicious POST requests targeting kelime"], "summary": {"action": "Patch Immediately", "impact": "Data Theft & Database Modification"}, "threat_synthesis": {"affected_systems": "Affected systems are the Jettweb PHP Stock News Site Script V3. The CPE identifier cpe:2.3:a:jettweb:php_stock_news_site_script:3:*:*:*:*:*:*:* indicates that all instances of the v3 release are vulnerable. No specific sub\u2011version data is listed, so any deployment of version 3 should be considered at risk.", "description_and_impact": "The vulnerability is a classic SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V3, where attackers can exploit the 'kelime' parameter in POST requests with UNION-based payloads to read or modify database data. This flaw is identified as CWE-89 and carries a high CVSS score of 8.8, indicating a significant threat to confidentiality and integrity.", "risk_and_exploitability": "The vulnerability is high severity (CVSS 8.8) but its EPSS score is lower than 1%, implying that active exploitation is currently rare. The attack requires network access to the web application: an attacker must send a crafted POST request to the endpoint that processes the 'kelime' parameter. No patch or workaround is listed in the CVE record; the flaw is not included in the CISA KEV catalog. The main risk is the potential extraction of sensitive database content or unauthorized modification of records, which could lead to data breach and integrity damage."}}}}, "created": "2026-03-13T09:52:52.529574+00:00", "updated": "2026-03-20T15:49:30.434492+00:00", "vendors": ["jettweb", "jettweb$PRODUCT$hazir_haber_sitesi_scripti"]}