CVE-2019-25516
EUVD-2019-1979212.03.2026, 16:16
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.
Awaiting analysis
This vulnerability is currently awaiting analysis.