CVE-2019-25515

EIP tracks 1 public exploit for CVE-2019-25515. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary The exploit demonstrates multiple SQL injection vulnerabilities and an authentication bypass in Jettweb PHP Hazır Haber Sitesi Scripti V3. It includes functional payloads for SQLi via GET/POST parameters and a simple authentication bypass using tautological conditions.

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.