Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by inject…

CVE-2019-25517 affects Jettweb PHP Hazir Haber Sitesi Scripti V1, containing an SQL injection vulnerability in the haberarsiv.php file. Unauthenticated attackers can manipulate database queries by injecting malicious SQL code through the cid parameter. The vulnerability allows UNION-based injection attacks to extract sensitive database information or modify database contents. Attackers can send crafted requests with malicious cid values to exploit this vulnerability. The vulnerability poses a high risk due to its unauthenticated nature and potential for database compromise.