Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
PUBLISHED5.2CWE-89
Web Ofisi Emlak v2 SQL Injection via ara Parameter
Problem type
Affected products
Web-ofisi
Emlak
v2 - AFFECTED
References
ExploitDB-47141
https://www.exploit-db.com/exploits/47141
Official Product Homepage
https://www.web-ofisi.com/detay/emlak-scripti-v2.html
VulnCheck Advisory: Web Ofisi Emlak v2 SQL Injection via ara Parameter
https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-ara-parameter
GitHub Security Advisories
GHSA-wf2x-4p8v-p7m6
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers...
https://github.com/advisories/GHSA-wf2x-4p8v-p7m6Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2019-25456
exploit-db.com
https://www.exploit-db.com/exploits/47141
vulncheck.com
https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-ara-parameter
web-ofisi.com
https://www.web-ofisi.com/detay/emlak-scripti-v2.html
github.com
https://github.com/advisories/GHSA-wf2x-4p8v-p7m6
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25456Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25456",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:10.439Z",
"dateReserved": "2026-02-22T13:57:34.791Z",
"datePublished": "2026-02-22T14:12:10.439Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:10.439Z"
},
"title": "Web Ofisi Emlak v2 SQL Injection via ara Parameter",
"descriptions": [
{
"lang": "en",
"value": "Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service."
}
],
"affected": [
{
"vendor": "Web-ofisi",
"product": "Emlak",
"versions": [
{
"version": "v2",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/47141",
"name": "ExploitDB-47141",
"tags": [
"exploit"
]
},
{
"url": "https://www.web-ofisi.com/detay/emlak-scripti-v2.html",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-ara-parameter",
"name": "VulnCheck Advisory: Web Ofisi Emlak v2 SQL Injection via ara Parameter",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ahmet Ümit BAYRAM",
"type": "finder"
}
]
}
}
}