Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Jettweb Rent A Car Website Script: Unauthenticated Database Access Risk
CVE-2019-25482
Summary
The Jettweb Rent A Car Website Script contains a security flaw that lets anyone access sensitive database information without needing a login. This could allow attackers to steal or modify important data. Update the script to fix this vulnerability as soon as possible.
Original title
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_ka...
Original description
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026