CVE-2019-25482
Received Received - Intake
SQL Injection in Jettweb PHP Hazir Rent A Car Script

Publication date: 2026-03-12

Last updated on: 2026-03-17

Assigner: VulnCheck

Description
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25482
EUVD
EUVD-2019-19772
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jettweb php_ready_rent_a_car_site_script 2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2019-25482 is an SQL injection vulnerability found in Jettweb PHP Hazir Rent A Car Sitesi Scripti V2. It allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code through the 'arac_kategori_id' parameter, which is sent via POST requests to a specific endpoint."}, {'type': 'paragraph', 'content': 'By exploiting this vulnerability, attackers can send specially crafted SQL payloads that alter the intended database queries, potentially extracting sensitive information from the database.'}] [1, 2]

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive database information. Attackers can exploit the SQL injection flaw to extract confidential data without authentication.

The vulnerability has a high severity rating with a CVSS v4 score of 8.8, indicating it is exploitable over the network with low attack complexity and no privileges or user interaction required.

Such unauthorized data access can lead to data breaches, loss of confidentiality, and potential misuse of the extracted information.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted POST requests to the endpoint `/fiyat-goster.html` with malicious payloads in the `arac_kategori_id` parameter and observing the response for signs of SQL injection.'}, {'type': 'paragraph', 'content': "A proof-of-concept payload to test the vulnerability is: arac_kategori_id=-1' OR 3*2*1=6 AND 000224=000224 --"}, {'type': 'paragraph', 'content': 'You can use curl commands to test this on your system or network. For example:'}, {'type': 'list_item', 'content': 'curl -X POST -d "arac_kategori_id=-1\' OR 3*2*1=6 AND 000224=000224 -- " http://[target]/fiyat-goster.html'}, {'type': 'paragraph', 'content': 'If the response contains unexpected data or errors indicating SQL query manipulation, the vulnerability is likely present.'}] [1, 2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart