SQL Injection Vulnerability in Web Ofisi Platinum E-Ticaret v5
CVE-2019-25460

8.8HIGH

Key Information:

Vendor

Web-ofisi

Status
Ticaret
Vendor
CVE Published:
22 February 2026

Badges

👾 Exploit Exists

What is CVE-2019-25460?

Web Ofisi Platinum E-Ticaret v5 is susceptible to an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands via the 'q' GET parameter. By leveraging this flaw, unauthenticated users can manipulate database queries, potentially exposing sensitive information stored in the database. This vulnerability can be exploited through crafted requests to the arama endpoint, which may lead to the extraction of valuable data using time-based SQL injection techniques.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ticaret v5

References

https://www.exploit-db.com/exploits/47140
exploit
https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html
product
https://www.vulncheck.com/advisories/web-ofisi-platinum-e...
third-party-advisory

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ahmet Ümit BAYRAM
JSON
.