What is the CVSS score of CVE-2019-25456?

CVE-2019-25456 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Emlak are affected by CVE-2019-25456?

Web Ofisi Emlak v2 contains a critical SQL injection vulnerability (CVSS 9.1) exploitable by unauthenticated attackers without authentication, potentially allowing complete database compromise…

Is there a public PoC exploit available for CVE-2019-25456?

Yes, a public proof-of-concept exploit is available for CVE-2019-25456. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2019-25456?

Within 24 hours: Conduct asset inventory to identify all instances of Web Ofisi Emlak v2 in production and immediately isolate or disable them if business operations permit. Within 7 days: Implement WAF rules blocking SQL injection patterns in the 'ara' parameter, segment affected systems from sensitive networks, and deploy real-time monitoring/alerting on database query anomalies. Within 30 days: Either migrate to a patched alternative application, maintain air-gapped deployment with restricted access controls, or commission a third-party security vendor for custom patching/hardening while awaiting official vendor remediation.

Emlak CVE-2019-25456

CRITICAL

SQL Injection (CWE-89)

2026-02-22 disclosure@vulncheck.com

SQLi Denial Of Service Emlak

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

PoC Detected

Mar 02, 2026 - 15:16 vuln.today

Public exploit code

CVE Published

Feb 22, 2026 - 15:16 nvd

CRITICAL 9.1

DescriptionCVE.org

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.

AnalysisAI

SQL injection in Web Ofisi Emlak v2. PoC available.

Technical ContextAI

CWE-89.

RemediationAI

Apply patch.

CVE-2019-25456 vulnerability details – vuln.today

Back

Emlak CVE-2019-25456

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code