What is the CVSS score of CVE-2019-25460?

CVE-2019-25460 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Platinum E Ticaret are affected by CVE-2019-25460?

A critical SQL injection vulnerability in Web Ofisi Platinum E-Ticaret v5 allows unauthenticated attackers to compromise database integrity and extract sensitive data without authentication.

Is there a public PoC exploit available for CVE-2019-25460?

Yes, a public proof-of-concept exploit is available for CVE-2019-25460. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2019-25460?

Within 24 hours: Assess inventory of affected systems and isolate any public-facing instances from production networks if possible. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns in the 'q' parameter and restrict query parameter inputs to alphanumeric characters only. Conduct urgent vendor contact to confirm patch timeline. Within 30 days: Execute comprehensive database audit for unauthorized access and data exfiltration; develop migration plan to patched version or alternative e-commerce platform; implement mandatory code review process for any custom parameter handling.

Platinum E Ticaret CVE-2019-25460

HIGH

SQL Injection (CWE-89)

2026-02-22 disclosure@vulncheck.com

SQLi Platinum E Ticaret

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

PoC Detected

Mar 02, 2026 - 15:16 vuln.today

Public exploit code

CVE Published

Feb 22, 2026 - 15:16 nvd

HIGH 7.5

DescriptionCVE.org

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.

AnalysisAI

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects Platinum E-Ticaret. Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2019-25460 vulnerability details – vuln.today

Back

Platinum E Ticaret CVE-2019-25460

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code