CVE-2019-25519
SQL Injection in Jettweb PHP Hazir Haber Script Allows Data Theft
Publication date: 2026-03-12
Last updated on: 2026-03-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jettweb | php_stock_news_site_script | 1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25519 is an SQL injection vulnerability found in Jettweb PHP Hazir Haber Sitesi Scripti V1. It allows attackers to manipulate database queries by injecting malicious SQL code through the "option" parameter in POST requests sent to the "uyelik.php" script.'}, {'type': 'paragraph', 'content': 'Attackers exploit this vulnerability using time-based SQL injection techniques to extract sensitive information from the database.'}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive database information by allowing attackers to execute malicious SQL commands.
Such exploitation can compromise the confidentiality of data, potentially exposing user information or other critical data stored in the database.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending crafted POST requests to the uyelik.php script with malicious payloads in the option parameter to test for time-based SQL injection.'}, {'type': 'paragraph', 'content': 'A common approach is to use tools like curl or sqlmap to send these requests and observe the response times or database error messages indicating SQL injection.'}, {'type': 'list_item', 'content': 'Using curl to test for time-based SQL injection: curl -X POST -d "option=1\' AND SLEEP(5)-- " http://target/uyelik.php'}, {'type': 'list_item', 'content': 'Using sqlmap to automate detection: sqlmap -u "http://target/uyelik.php" --data="option=1" --technique=T --time-sec=5'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying input validation and sanitization on the option parameter to prevent SQL injection.
Additionally, updating the Jettweb PHP Hazir Haber Sitesi Scripti to a version that patches this vulnerability or applying available security patches is critical.
As a temporary measure, restricting access to the uyelik.php script or implementing a web application firewall (WAF) to block malicious payloads targeting the option parameter can reduce risk.