Security Vulnerabilities
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2026-03-12

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
CVSS Score: 8.2 | EPSS Score: 0.0 | Published: 2026-03-12

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
CVSS Score: 8.2 | EPSS Score: 0.002 | Published: 2026-03-12

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2026-03-12

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2026-03-12

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2026-03-12

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2026-03-12

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score: 9.9 | EPSS Score: 0.003 | Published: 2026-03-12

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score: 9.9 | EPSS Score: 0.003 | Published: 2026-03-12

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2026-03-12

