CVE-2019-25460

HIGH

Web Ofisi Platinum E-Ticaret v5 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25460. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Web Ofisi Platinum E-Ticaret v5 via the 'q' parameter in both GET and POST requests. The payloads use time-based blind SQLi techniques to confirm the vulnerability.

Description

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · textwebappslinux
https://www.exploit-db.com/exploits/47140

The exploit demonstrates SQL injection vulnerabilities in Web Ofisi Platinum E-Ticaret v5 via the 'q' parameter in both GET and POST requests. The payloads use time-based blind SQLi techniques to confirm the vulnerability.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Web Ofisi Platinum E-Ticaret v5
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 22, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0036
EPSS Percentile 28.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (3)
web-ofisi/platinum_e-ticaret 5.0.0
web-ofisi/ticaret 5.0.0
Web-ofisi/Ticaret v5
Published Feb 22, 2026
Tracked Since Feb 22, 2026