Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Web Ofisi Platinum E-Ticaret v5 allows hackers to steal sensitive data
CVE-2019-25461
Summary
The Web Ofisi Platinum E-Ticaret v5 software has a security weakness that allows unauthorized individuals to access and steal sensitive information from its database. This means that hackers can send malicious requests to the system and potentially get access to confidential data. To protect your business, update the software to the latest version or apply the necessary patches as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| web-ofisi | ticaret | 5.0.0 | – |
| web-ofisi | platinum_e-ticaret | 5.0.0 | – |
Original title
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attacke...
Original description
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026