CVE-2019-25458

Szczegóły podatności CVE.

Aktualizacja: 04.03.2026, 01:54 (CET)

non-KEV CVSS 9.8 EPSS 0.0013 Score 29.48

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.

Źródła

Źródło	Link	Uwagi
NVD (NIST)	https://nvd.nist.gov/vuln/detail/CVE-2019-25458	Karta CVE w NVD
CISA KEV	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-25458	Wyszukiwanie CVE w KEV
FIRST EPSS	https://api.first.org/data/v1/epss?cve=CVE-2019-25458	API EPSS dla CVE
disclosure@vulncheck.com	https://www.exploit-db.com/exploits/47143	Exploit, VDB Entry
disclosure@vulncheck.com	https://www.vulncheck.com/advisories/web-ofisi-firma-rehberi-sql-injection-via-firmalarhtml	Broken Link
disclosure@vulncheck.com	https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html	Product