8.8
CVE-2019-25462 - Web Ofisi Rent a Car v3 SQL Injection via klima Parameter
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cauโฆ
8.8
CVE-2019-25461 - Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using tiโฆ
8.8
CVE-2019-25460 - Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injectioโฆ
8.8
CVE-2019-25459 - Web Ofisi Emlak V2 SQL Injection via emlak-ara.html
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitiveโฆ
8.8
CVE-2019-25458 - Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitivโฆ
8.8
CVE-2019-25457 - Web Ofisi Firma v13 SQL Injection via oz Parameter
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injectioโฆ
8.8
CVE-2019-25456 - Web Ofisi Emlak v2 SQL Injection via ara Parameter
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cโฆ
8.8
CVE-2019-25455 - Web Ofisi E-Ticaret v3 SQL Injection via ara.html
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.
5.3
CVE-2026-2953 - Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed tโฆ
6.9
CVE-2026-2952 - Vaelsys HTTP POST Request tree_server.php os command injection
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has bโฆ