Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Web Ofisi Rent a Car v3: Unauthenticated database access via 'klima' parameter
CVE-2019-25462
Summary
An attacker can access sensitive database information or disrupt the system by sending malicious requests to the 'klima' parameter. This affects the Web Ofisi Rent a Car version 3 software. To stay secure, update to the latest version, and consider changing the 'klima' parameter to prevent similar attacks.
Original title
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers c...
Original description
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026