CVE-2019-25699

HIGH

Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25699. PoCs published by Mehmet EMIROGLU.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Newsbull Haber Script 1.0.0, including time-based, blind, and boolean-based techniques. It provides specific attack patterns and GET request examples for exploiting the 'search' parameter in various admin endpoints.

Description

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.

Exploits (1)

exploitdb WORKING POC

by Mehmet EMIROGLU · textwebappsphp

https://www.exploit-db.com/exploits/46266

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in Newsbull Haber Script 1.0.0, including time-based, blind, and boolean-based techniques. It provides specific attack patterns and GET request examples for exploiting the 'search' parameter in various admin endpoints.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Newsbull Haber Script 1.0.0

Auth required

Prerequisites: Authenticated user access · Target endpoint with vulnerable 'search' parameter

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 12, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46266

https://www.exploit-db.com/exploits/46266

Product product

Official Product Homepage

http://newsbull.org/

Product product

Product Reference

https://github.com/gurkanuzunca/newsbull

Third Party Advisory third-party-advisory

VulnCheck Advisory: Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

https://www.vulncheck.com/advisories/newsbull-haber-script-authenticated-sql-injection-via-search-parameter

Scores

CVSS v3 7.1

EPSS 0.0032

EPSS Percentile 23.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

gurkanuzunca/newsbull 1.0.0

Newsbull/Newsbull Haber Script 1.0.0

Published Apr 12, 2026

Tracked Since Apr 12, 2026