Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Web Ofisi Emlak V2: Unauthenticated Attackers Can Steal Sensitive Data
CVE-2019-25459
Summary
Attackers can access sensitive information in Web Ofisi Emlak V2 by manipulating database queries through its online search feature. This could allow them to steal confidential data or disrupt the system. Update the application to fix this issue as soon as possible to protect your users.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| web-ofisi | emlak | 2.0.0 | – |
Original title
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject S...
Original description
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026