CVE-2019-25517
Received Received - Intake
SQL Injection in Jettweb PHP Hazir Haber Sitesi Script

Publication date: 2026-03-12

Last updated on: 2026-03-17

Assigner: VulnCheck

Description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-03-17
Generated
2026-05-07
AI Q&A
2026-03-12
EPSS Evaluated
2026-05-05
NVD
CVE-2019-25517
EUVD
EUVD-2019-19794
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jettweb php_stock_news_site_script 1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2019-25517 is a high-severity SQL injection vulnerability found in Jettweb PHP Hazir Haber Sitesi Scripti version 1.0 and earlier. It exists in the "haberarsiv.php" file through the "cid" parameter, which is not properly sanitized. This flaw allows unauthenticated attackers to inject malicious SQL code by sending specially crafted requests with malicious "cid" values using UNION-based SQL injection techniques.'}, {'type': 'paragraph', 'content': 'Exploitation of this vulnerability enables attackers to manipulate database queries to extract sensitive information or modify database contents.'}] [1]


How can this vulnerability impact me? :

This vulnerability can have serious impacts including unauthorized access to sensitive database information and potential modification of database contents. Since attackers do not need any privileges or user interaction to exploit it, they can remotely extract confidential data or alter data integrity, which could lead to data breaches, loss of trust, and disruption of services.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending crafted HTTP requests to the vulnerable script (haberarsiv.php) with malicious values in the cid parameter to test for SQL injection.'}, {'type': 'paragraph', 'content': 'A common detection method is to use tools like curl or sqlmap to send requests and observe if the database responds with errors or returns unexpected data.'}, {'type': 'list_item', 'content': 'Using curl to test for SQL injection: curl "http://targetsite/haberarsiv.php?cid=1\' UNION SELECT NULL--"'}, {'type': 'list_item', 'content': 'Using sqlmap to automate detection: sqlmap -u "http://targetsite/haberarsiv.php?cid=1" --batch'}] [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable script, applying input validation and sanitization on the cid parameter, and updating or patching the affected software if a fix is available.

Additionally, monitoring and blocking suspicious requests targeting the cid parameter can help reduce exploitation risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart