Php Stock News Site Script CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-25511	1 Jettweb	2 Hazir Haber Sitesi Scripti, Php Stock News Site Script	2026-03-17	8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
CVE-2019-25512	1 Jettweb	2 Hazir Haber Sitesi Scripti, Php Stock News Site Script	2026-03-17	8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
CVE-2019-25513	1 Jettweb	2 Hazir Haber Sitesi Scripti, Php Stock News Site Script	2026-03-17	8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
CVE-2019-25514	1 Jettweb	2 Hazir Haber Sitesi Scripti, Php Stock News Site Script	2026-03-17	8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
CVE-2019-25515	1 Jettweb	2 Hazir Haber Sitesi Scripti, Php Stock News Site Script	2026-03-17	7.5 High
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
CVE-2019-25516	1 Jettweb	2 Hazir Haber Sitesi Scripti, Php Stock News Site Script	2026-03-17	8.2 High
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.

Page 1 of 1.