← Back
2026-02-22 14:12CVE-2019-25460VulnCheck
PUBLISHED5.2CWE-89

Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.

Problem type

Affected products

Web-ofisi

Ticaret

v5 - AFFECTED

References

ExploitDB-47140

https://www.exploit-db.com/exploits/47140

exploit
Official Product Homepage

https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html

product
VulnCheck Advisory: Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-q-parameter

third-party-advisory

GitHub Security Advisories

GHSA-jfw2-q9rx-mg64

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows...

https://github.com/advisories/GHSA-jfw2-q9rx-mg64

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2019-25460

exploit-db.com

https://www.exploit-db.com/exploits/47140

vulncheck.com

https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-q-parameter

web-ofisi.com

https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html

github.com

https://github.com/advisories/GHSA-jfw2-q9rx-mg64

JSON source

https://cveawg.mitre.org/api/cve/CVE-2019-25460
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2019-25460",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-02-22T14:12:14.220Z",
    "dateReserved": "2026-02-22T14:02:43.733Z",
    "datePublished": "2026-02-22T14:12:14.220Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-02-22T14:12:14.220Z"
      },
      "title": "Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter",
      "descriptions": [
        {
          "lang": "en",
          "value": "Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information."
        }
      ],
      "affected": [
        {
          "vendor": "Web-ofisi",
          "product": "Ticaret",
          "versions": [
            {
              "version": "v5",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/47140",
          "name": "ExploitDB-47140",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html",
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-q-parameter",
          "name": "VulnCheck Advisory: Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ahmet Ümit BAYRAM",
          "type": "finder"
        }
      ]
    }
  }
}