Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests with malicious 'klima' values to extract sensitive database information or cause denial of service.
Web Ofisi Rent a Car v3 SQL Injection via klima Parameter
Problem type
Affected products
Web-ofisi
v3 - AFFECTED
References
https://www.exploit-db.com/exploits/47144
https://www.web-ofisi.com/detay/rent-a-car-v3.html
https://www.vulncheck.com/advisories/web-ofisi-rent-a-car-sql-injection-via-klima-parameter
GitHub Security Advisories
GHSA-46jj-7w5w-vccv
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated...
https://github.com/advisories/GHSA-46jj-7w5w-vccv
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests with malicious 'klima' values to extract sensitive database information or cause denial of service.
https://nvd.nist.gov/vuln/detail/CVE-2019-25462
https://www.exploit-db.com/exploits/47144
https://www.vulncheck.com/advisories/web-ofisi-rent-a-car-sql-injection-via-klima-parameter
https://www.web-ofisi.com/detay/rent-a-car-v3.html
https://github.com/advisories/GHSA-46jj-7w5w-vccv
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25462
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25462",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:15.978Z",
"dateReserved": "2026-02-22T14:03:25.644Z",
"datePublished": "2026-02-22T14:12:15.978Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-22T14:12:15.978Z"
},
"title": "Web Ofisi Rent a Car v3 SQL Injection via klima Parameter",
"descriptions": [
{
"lang": "en",
"value": "Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service."
}
],
"affected": [
{
"vendor": "Web-ofisi",
"product": "Rent a Car",
"versions": [
{
"version": "v3",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/47144",
"name": "ExploitDB-47144",
"tags": [
"exploit"
]
},
{
"url": "https://www.web-ofisi.com/detay/rent-a-car-v3.html",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/web-ofisi-rent-a-car-sql-injection-via-klima-parameter",
"name": "VulnCheck Advisory: Web Ofisi Rent a Car v3 SQL Injection via klima Parameter",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ahmet Ümit BAYRAM",
"type": "finder"
}
]
}
}
}