Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Jettweb PHP News Site Script V3 Allows Unauthenticated Admin Access
CVE-2019-25515
Summary
The Jettweb PHP News Site Script V3 has a security weakness that lets anyone access the admin panel without a password. This could allow an attacker to make changes to the website without permission. Update the script to fix this issue to prevent unauthorized access.
Original title
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access b...
Original description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026