Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Jettweb News Site Script V1: Unprotected Database Access
CVE-2019-25516
Summary
Unauthenticated attackers can access sensitive information from the database by sending malicious requests to the Jettweb News Site Script V1. This can happen when users visit a specially crafted link or submit a malicious gallery ID. To protect your site, update to the latest version of the script or apply a patch to fix the vulnerability.
Original title
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id p...
Original description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026