Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Jettweb PHP Site Software: Unauthenticated Data Exposure
CVE-2019-25513
Summary
The Jettweb PHP site software has a security weakness that allows hackers to access sensitive information without a password. This can happen if the software is not properly set up or maintained. To fix this, update the software to the latest version and ensure that the 'q' parameter is properly sanitized to prevent malicious input.
Original title
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' paramete...
Original description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026