Web Ofisi

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-25210 1Web Ofisi 1E Ticaret Mar 27, 2026 Mar 26, 2026 8.8 HIGH· v4 6.1 MEDIUM· v3 N/A· v2 WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through t...Show more WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.Show less
CVE-2019-25461 1Web Ofisi 2Platinum E Ticaret Ticaret Mar 10, 2026 Feb 22, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST reques...Show more Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.Show less
CVE-2019-25460 1Web Ofisi 2Platinum E Ticaret Ticaret Mar 2, 2026 Feb 22, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send request...Show more Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.Show less
CVE-2019-25459 1Web Ofisi 1Emlak Mar 2, 2026 Feb 22, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters...Show more Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.Show less
CVE-2019-25458 1Web Ofisi 1Firma Rehberi Mar 2, 2026 Feb 22, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with ma...Show more Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.Show less
CVE-2019-25457 1Web Ofisi 1Firma Mar 2, 2026 Feb 22, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to...Show more Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.Show less
CVE-2019-25456 1Web Ofisi 1Emlak Mar 2, 2026 Feb 22, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with t...Show more Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.Show less
CVE-2019-25455 1Web Ofisi 1E Ticaret Mar 2, 2026 Feb 22, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with...Show more Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.Show less