Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by i…

CVE-2019-25482 is an SQL injection vulnerability in Jettweb PHP Hazir Rent A Car Sitesi Scripti V2. The vulnerability allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code through the arac_kategori_id parameter. Attackers can exploit this by sending POST requests to vulnerable endpoints with malicious SQL payloads. The vulnerability enables extraction of sensitive database information without authentication. This represents a critical security flaw in the rent-a-car management script that could lead to complete database compromise.