2026-02-22 14:12 CVE-2019-25459 VulnCheck
PUBLISHED 5.2 CWE-89

Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.

Problem type

Affected products

Web-ofisi

Emlak

V2 - AFFECTED

References

GitHub Security Advisories

GHSA-w7wm-w9qw-pc72

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow...

https://github.com/advisories/GHSA-w7wm-w9qw-pc72

JSON source

https://cveawg.mitre.org/api/cve/CVE-2019-25459
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2019-25459",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-02-22T14:12:13.169Z",
    "dateReserved": "2026-02-22T13:59:46.277Z",
    "datePublished": "2026-02-22T14:12:13.169Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-02-22T14:12:13.169Z"
      },
      "title": "Web Ofisi Emlak V2 SQL Injection via emlak-ara.html",
      "descriptions": [
        {
          "lang": "en",
          "value": "Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks."
        }
      ],
      "affected": [
        {
          "vendor": "Web-ofisi",
          "product": "Emlak",
          "versions": [
            {
              "version": "V2",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/47142",
          "name": "ExploitDB-47142",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.web-ofisi.com/detay/emlak-scripti-v3.html",
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-emlak-arahtml",
          "name": "VulnCheck Advisory: Web Ofisi Emlak V2 SQL Injection via emlak-ara.html",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ahmet Ümit BAYRAM",
          "type": "finder"
        }
      ]
    }
  }
}