Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to g…

CVE-2019-25510 affects Jettweb PHP Hazir Haber Sitesi Scripti V2, containing an authentication bypass vulnerability in the administration panel. Unauthenticated attackers can gain administrative access by exploiting improper SQL query validation. The vulnerability allows SQL injection payloads to be submitted in the username and password fields of the admingiris.php login form. This enables complete bypass of authentication mechanisms and unauthorized access to the administrative interface. The vulnerability represents a critical security flaw that provides full administrative control to attackers.