Web-ofisi CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Web-ofisi Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-25462	1 Web-ofisi	1 Rent A Car	2026-02-23	8.2 High
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service.
CVE-2019-25455	1 Web-ofisi	1 Ticaret	2026-02-23	8.2 High
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.
CVE-2019-25456	1 Web-ofisi	1 Emlak	2026-02-23	8.2 High
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
CVE-2019-25457	1 Web-ofisi	1 Firma	2026-02-23	8.2 High
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.
CVE-2019-25461	1 Web-ofisi	1 Ticaret	2026-02-23	8.2 High
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.
CVE-2019-25459	1 Web-ofisi	1 Emlak	2026-02-23	8.2 High
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.
CVE-2019-25460	1 Web-ofisi	1 Ticaret	2026-02-23	8.2 High
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.
CVE-2019-25458	1 Web-ofisi	1 Firma Rehberi	2026-02-23	8.2 High
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.

Page 1 of 1.