Vulnerability Description
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web-Ofisi | Emlak | 2.0.0 |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/47142 (Exploit)
- https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-emlak-ara (Broken Link)
- https://www.web-ofisi.com/detay/emlak-scripti-v3.html (Product)
FAQ
What is CVE-2019-25459?
CVE-2019-25459 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL ...
How severe is CVE-2019-25459?
CVE-2019-25459 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-25459?
Check the references section above for vendor advisories and patch information. Affected products include: Web-Ofisi Emlak.