Perceptive Security
SOC/SIEM Consultancy
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated atta…
Published:
11 maart 2026 om 23:00:00
Alert date:
12 maart 2026 om 22:25:09
Source:
nvd.nist.gov
Web Technologies, Identity & Access
CVE-2019-25515 affects Jettweb PHP Hazir Haber Sitesi Scripti V3, containing an authentication bypass vulnerability in the login.php administration panel. Unauthenticated attackers can gain administrative access by submitting crafted SQL syntax using equals signs and 'or' operators as username and password parameters. This SQL injection vulnerability allows complete bypass of authentication controls without requiring valid credentials. The vulnerability provides immediate administrative access to the affected content management system. Exploit code is publicly available on Exploit-DB, increasing the risk of active exploitation.
Technical details
Mitigation steps:
Affected products:
Jettweb PHP Hazir Haber Sitesi Scripti
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2019-25515
https://www.exploit-db.com/exploits/46599
https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-authentication-bypass
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.