CVE-2019-25518
Received Received - Intake
SQL Injection in Jettweb PHP Hazir Haber Sitesi Script

Publication date: 2026-03-12

Last updated on: 2026-03-17

Assigner: VulnCheck

Description
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25518
EUVD
EUVD-2019-19796
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jettweb php_stock_news_site_script 1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25518 is a high-severity SQL injection vulnerability affecting Jettweb PHP Hazir Haber Sitesi Scripti version 1.0 and earlier.'}, {'type': 'paragraph', 'content': 'The flaw exists in the arama.php file, specifically via the "poll" parameter, which is improperly sanitized.'}, {'type': 'paragraph', 'content': 'This allows unauthenticated attackers to inject malicious SQL code by sending POST requests with crafted SQL payloads in the poll parameter.'}, {'type': 'paragraph', 'content': 'As a result, attackers can manipulate database queries to extract sensitive information or alter database contents.'}] [1]

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive data stored in the database.

Attackers can extract confidential information or modify database contents, potentially leading to data breaches or data integrity issues.

The vulnerability has a high confidentiality impact, meaning sensitive data exposure is a significant risk.

However, the integrity impact is low and there is no impact on availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for POST requests to the arama.php file that include the poll parameter with suspicious or crafted SQL payloads.'}, {'type': 'paragraph', 'content': 'A practical approach is to capture and analyze HTTP POST traffic targeting arama.php and inspect the poll parameter for SQL injection patterns.'}, {'type': 'list_item', 'content': 'Use network traffic analysis tools like tcpdump or Wireshark to filter POST requests to arama.php.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /arama.php'"}, {'type': 'list_item', 'content': "Use web server logs to search for POST requests to arama.php with the poll parameter, for example: grep 'POST /arama.php' /var/log/apache2/access.log | grep 'poll='"}, {'type': 'paragraph', 'content': 'Further, automated vulnerability scanners or SQL injection detection tools can be used to test the poll parameter for injection vulnerabilities.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable arama.php script and sanitizing or validating the poll parameter to prevent SQL injection.

If possible, apply patches or updates provided by the vendor or disable the affected functionality until a fix is available.

  • Implement input validation and parameterized queries or prepared statements to prevent SQL injection.
  • Use web application firewalls (WAF) to block malicious POST requests targeting the poll parameter.
  • Monitor logs for suspicious activity and block IP addresses exhibiting exploit attempts.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25518. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart