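Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to ara.html with malicious 'a' parameter values to extract sensitive database information. The record lists only v3 as affected; its references are an exploit entry, the product page and a third-party advisory, with no vendor patch or fixed version cited.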
Web Ofisi E-Ticaret v3 SQL Injection via ara.html
Problem type
Affected products
Web-ofisi
v3 - AFFECTED
References
https://www.exploit-db.com/exploits/47139
https://www.web-ofisi.com/detay/e-ticaret-v3-sanal-pos.html
https://www.vulncheck.com/advisories/web-ofisi-e-ticaret-sql-injection-via-arahtml
GitHub Security Advisories
GHSA-22mj-mcf8-h63q
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated...
https://github.com/advisories/GHSA-22mj-mcf8-h63q
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to ara.html with malicious 'a' parameter values to extract sensitive database information.
https://nvd.nist.gov/vuln/detail/CVE-2019-25455
https://www.exploit-db.com/exploits/47139
https://www.vulncheck.com/advisories/web-ofisi-e-ticaret-sql-injection-via-arahtml
https://www.web-ofisi.com/detay/e-ticaret-v3-sanal-pos.html
https://github.com/advisories/GHSA-22mj-mcf8-h63q
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25455
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25455",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:09.573Z",
"dateReserved": "2026-02-22T13:57:11.400Z",
"datePublished": "2026-02-22T14:12:09.573Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:09.573Z"
},
"title": "Web Ofisi E-Ticaret v3 SQL Injection via ara.html",
"descriptions": [
{
"lang": "en",
"value": "Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information."
}
],
"affected": [
{
"vendor": "Web-ofisi",
"product": "Ticaret",
"versions": [
{
"version": "v3",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/47139",
"name": "ExploitDB-47139",
"tags": [
"exploit"
]
},
{
"url": "https://www.web-ofisi.com/detay/e-ticaret-v3-sanal-pos.html",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/web-ofisi-e-ticaret-sql-injection-via-arahtml",
"name": "VulnCheck Advisory: Web Ofisi E-Ticaret v3 SQL Injection via ara.html",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ahmet Ümit BAYRAM",
"type": "finder"
}
]
}
}
}