5.3

CVSS4.0

CVE-2026-2954 - Dromara UJCMS ImportDataController import-channel importChanel injection

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the …

📅 Published: Feb. 22, 2026, 3:02 p.m. 🔄 Last Modified: Feb. 22, 2026, 3:02 p.m.

8.8

CVSS4.0

CVE-2019-25462 - Web Ofisi Rent a Car v3 SQL Injection via klima Parameter

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cau…

📅 Published: Feb. 22, 2026, 2:12 p.m. 🔄 Last Modified: Feb. 22, 2026, 2:12 p.m.

8.8

CVSS4.0

CVE-2019-25461 - Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using ti…

📅 Published: Feb. 22, 2026, 2:12 p.m. 🔄 Last Modified: Feb. 22, 2026, 2:12 p.m.

8.8

CVSS4.0

CVE-2019-25460 - Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injectio…

📅 Published: Feb. 22, 2026, 2:12 p.m. 🔄 Last Modified: Feb. 22, 2026, 2:12 p.m.

8.8

CVSS4.0

CVE-2019-25459 - Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive…

📅 Published: Feb. 22, 2026, 2:12 p.m. 🔄 Last Modified: Feb. 22, 2026, 2:12 p.m.
Load More Vulnerability
avatar

Mehmet Ince

@mdisec

CVE stats coming here

avatar

Nuri Çilengir

@ncilengir

CVE stats coming here

avatar

@aydinnyunus

CVE stats coming here

avatar

Onurcan Genç

@onurcangnc

CVE stats coming here

avatar

Seyit Sigirci

@h3xecute

CVE stats coming here

avatar

Ali İltizar

@iltosec

CVE stats coming here

avatar

@b3rsec

CVE stats coming here

avatar

@furkank

CVE stats coming here

avatar

kutaysec

@kutaysec

CVE stats coming here