CVE-2019-25459

CRITICAL

Web Ofisi Emlak V2 - SQL Injection

Title source: llm

Description

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.

Exploits (1)

exploitdb WORKING POC

by Ahmet Ümit BAYRAM · textwebappslinux

https://www.exploit-db.com/exploits/47142

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.web-ofisi.com/detay/emlak-scripti-v3.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47142

[Third Party Advisory] https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-emlak-arahtml

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (1)

web-ofisi/emlak

Timeline

Published Feb 22, 2026

Tracked Since Feb 22, 2026