Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to firmalar.html with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.
Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html
Problem type
Affected products
Web-ofisi
v1 - AFFECTED
References
https://www.exploit-db.com/exploits/47143
https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html
https://www.vulncheck.com/advisories/web-ofisi-firma-rehberi-sql-injection-via-firmalarhtml
GitHub Security Advisories
GHSA-q2p9-fpj7-9fjp
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated...
https://github.com/advisories/GHSA-q2p9-fpj7-9fjp
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to firmalar.html with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.
https://nvd.nist.gov/vuln/detail/CVE-2019-25458
https://www.exploit-db.com/exploits/47143
https://www.vulncheck.com/advisories/web-ofisi-firma-rehberi-sql-injection-via-firmalarhtml
https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html
https://github.com/advisories/GHSA-q2p9-fpj7-9fjp
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25458
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25458",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:12.162Z",
"dateReserved": "2026-02-22T13:58:01.340Z",
"datePublished": "2026-02-22T14:12:12.162Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:12.162Z"
},
"title": "Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html",
"descriptions": [
{
"lang": "en",
"value": "Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to firmalar.html with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks."
}
],
"affected": [
{
"vendor": "Web-ofisi",
"product": "Firma Rehberi",
"versions": [
{
"version": "v1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/47143",
"name": "ExploitDB-47143",
"tags": [
"exploit"
]
},
{
"url": "https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/web-ofisi-firma-rehberi-sql-injection-via-firmalarhtml",
"name": "VulnCheck Advisory: Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ahmet Ümit BAYRAM",
"type": "finder"
}
]
}
}
}