Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Jettweb PHP Script: Unauthenticated Attackers Can Steal Database Information
CVE-2019-25511
Summary
The Jettweb PHP script has a security flaw that lets anyone access sensitive database information without a password. This is a serious issue because it allows attackers to steal confidential data. Update the script to fix the vulnerability and prevent unauthorized access.
Original title
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid para...
Original description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026