CVE-2019-25518

HIGH

Details

CVSS v3: 8.2
CVSS v4: 8.8
NVD published: 2026-03-12 16:16:04
EPSS: <0.1% probability · 22.8th percentile — 2026-03-18
Affected versions: cpe:2.3:a:jettweb:php_stock_news_site_script:1:*:*:*:*:*:*:*
Summary: Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
Remediation: Not available in our cache.
Exploit info: https://www.exploit-db.com/exploits/46597

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.