SQL Injection Flaw in Jettweb PHP Hazir Haber Sitesi Scripti V3
CVE-2019-25511

8.8HIGH

Key Information:

Vendor

Jettweb

Status
Hazir Haber Sitesi Scripti
Vendor
CVE Published:
12 March 2026

Badges

👾 Exploit Exists

What is CVE-2019-25511?

The Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that permits unauthenticated attackers to exploit insecure database queries. By manipulating the videoid parameter via GET requests to the fonksiyonlar.php file, attackers can leverage UNION-based injections, gaining unauthorized access to sensitive data stored in the database. This flaw highlights the critical need for improved input validation and secure coding practices to prevent potentially harmful data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Hazir Haber Sitesi Scripti 3.0

References

https://www.exploit-db.com/exploits/46599
exploit
https://www.vulncheck.com/advisories/jettweb-php-hazir-ha...
third-party-advisory

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ahmet Ümit BAYRAM
JSON
.