← Back
2026-02-22 14:12CVE-2019-25461VulnCheck
PUBLISHED5.2CWE-89

Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.

Problem type

Affected products

Web-ofisi

Ticaret

v5 - AFFECTED

References

ExploitDB-47140

https://www.exploit-db.com/exploits/47140

exploit
Official Product Homepage

https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html

product
VulnCheck Advisory: Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-ajaxproductsfiltersearch

third-party-advisory

GitHub Security Advisories

GHSA-982r-pxpw-xv2x

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows...

https://github.com/advisories/GHSA-982r-pxpw-xv2x

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2019-25461

exploit-db.com

https://www.exploit-db.com/exploits/47140

vulncheck.com

https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-ajaxproductsfiltersearch

web-ofisi.com

https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html

github.com

https://github.com/advisories/GHSA-982r-pxpw-xv2x

JSON source

https://cveawg.mitre.org/api/cve/CVE-2019-25461
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2019-25461",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-02-22T14:12:15.148Z",
    "dateReserved": "2026-02-22T14:02:58.144Z",
    "datePublished": "2026-02-22T14:12:15.148Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-02-22T14:12:15.148Z"
      },
      "title": "Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch",
      "descriptions": [
        {
          "lang": "en",
          "value": "Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information."
        }
      ],
      "affected": [
        {
          "vendor": "Web-ofisi",
          "product": "Ticaret",
          "versions": [
            {
              "version": "v5",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/47140",
          "name": "ExploitDB-47140",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html",
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-ajaxproductsfiltersearch",
          "name": "VulnCheck Advisory: Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ahmet Ümit BAYRAM",
          "type": "finder"
        }
      ]
    }
  }
}