CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25515

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 76.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.exploit-db.com/exploits/46599
https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-authentication-bypass

Products affected by CVE-2019-25515

Jettweb » Php Stock News Site Script » Version: 3

cpe:2.3:a:jettweb:php_stock_news_site_script:3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25515

Products

Pricing

Contact Us