Ahmet Ümit BAYRAM

106 exploits Active since Jun 2019
CVE-2019-25522 EXPLOITDB HIGH text WORKING POC
XooGallery Latest - Unauthenticated SQL Injection via photo_id Parameter
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers can send GET requests to photo.php with malicious photo_id values to extract sensitive data, bypass authentication, or modify database contents.
CVSS 8.2
CVE-2019-25521 EXPLOITDB HIGH text WORKING POC
XooGallery Latest - Unauthenticated SQL Injection via gal_id Parameter
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or modify database contents.
CVSS 8.2
CVE-2019-25520 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V1 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
CVSS 8.2
CVE-2019-25519 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.
CVSS 8.2
CVE-2019-25518 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
CVSS 8.2
CVE-2019-25517 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.
CVSS 8.2
CVE-2019-25516 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.
CVSS 8.2
CVE-2019-25515 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V3 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
CVSS 7.5
CVE-2019-25514 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
CVSS 8.2
CVE-2019-25513 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
CVSS 8.2
CVE-2019-25512 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
CVSS 8.2
CVE-2019-25511 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
CVSS 8.2
CVE-2019-25510 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Haber Sitesi Scripti V2 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
CVSS 8.2
CVE-2019-25509 EXPLOITDB HIGH text WORKING POC
XooDigital Latest - Unauthenticated SQL Injection via 'p' Parameter
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information.
CVSS 8.2
CVE-2019-25508 EXPLOITDB HIGH text WORKING POC
Jettweb Php Hazir Ilan Sitesi Scripti V2 - SQL Injection
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
CVSS 8.2
CVE-2019-25488 EXPLOITDB HIGH text WORKING POC
Jettweb Hazir Rent A Car Scripti V4 - SQL Injection
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
CVSS 8.2
CVE-2019-25482 EXPLOITDB HIGH text WORKING POC
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 - SQL Injection
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
CVSS 8.2
CVE-2019-25481 EXPLOITDB HIGH text WORKING POC
iScripts ReserveLogic - SQL Injection
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information.
CVSS 8.2
CVE-2019-25479 EXPLOITDB HIGH text WORKING POC
Inout RealEstate - Unauthenticated SQL Injection via City Parameter
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information.
CVSS 8.2
CVE-2019-25507 EXPLOITDB HIGH text WORKING POC
Ashop Shopping Cart - SQL Injection
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to extract sensitive database information.
CVSS 8.2
CVE-2019-25504 EXPLOITDB HIGH text WORKING POC
NCrypted Jobgator - Unauthenticated SQL Injection via Experience Parameter
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensitive database information.
CVSS 8.2
CVE-2019-25502 EXPLOITDB MEDIUM text WORKING POC
simplejobscript < 1.66 - Unauthenticated Stored Cross-Site Scripting via Job Type Value Parameter
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
CVSS 6.1
CVE-2019-25501 EXPLOITDB HIGH text WORKING POC
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents.
CVSS 8.2
CVE-2019-25500 EXPLOITDB HIGH text WORKING POC
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents.
CVSS 8.2
CVE-2019-25499 EXPLOITDB HIGH text WORKING POC
simplejobscript < 1.66 - Unauthenticated SQL Injection via job_id Parameter
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2