Web Ofisi E-Ticaret SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Web Ofisi E-Ticaret version 3. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter in GET requests. Exploitation of this vulnerability could lead to the extraction of sensitive information from the database.

Impact

Successful exploitation lets an attacker have injected SQL executed by the database, potentially leading to unauthorized data access or manipulation within the application's database.

Reproduction

To reproduce this vulnerability, send a GET request to 'ara.html' with a crafted 'a' parameter value that includes SQL injection payloads. The application does not properly sanitize the input, allowing the injected SQL code to be executed by the database.
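The missing defence described above, as an added example (not the vendor's code, which this page does not show): a search lookup that binds the 'a' value as a parameter instead of concatenating it into the SQL text. The table, rows and function names are constructed, and SQLite stands in for the application's database.

```python
import sqlite3


def make_db():
    """Constructed in-memory catalogue standing in for the shop database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT)")
    db.executemany("INSERT INTO products VALUES (?)",
                   [("kid's mug",), ("100% cotton shirt",), ("blue mug",)])
    return db


def search_concat(db, a):
    # Weak pattern: the 'a' value becomes part of the SQL text, so any quote
    # in it is parsed as SQL syntax rather than treated as data.
    sql = "SELECT name FROM products WHERE name LIKE '%" + a + "%'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, a):
    # Hardened pattern: the SQL text is constant and 'a' is a bound value.
    # LIKE wildcards in the input are escaped so they match literally.
    esc = a.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]


def concat_breaks_on_quote(db):
    # An ordinary search term with an apostrophe is enough to show that the
    # concatenated form lets input alter the statement's structure.
    try:
        search_concat(db, "kid's")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("concatenated query breaks on a quote:", concat_breaks_on_quote(db))
    print("bound query, same term:", search_bound(db, "kid's"))
    print("bound query, literal %:", search_bound(db, "%"))
```

A regression test that feeds quote-bearing and wildcard-bearing search terms through the handler, as the last three lines do, catches a return to string concatenation.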

Added: Feb 22, 2026, 3:21 PM
Updated: Feb 22, 2026, 3:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 3.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.