Primary

Context

Jettweb PHP Hazir Haber Sitesi Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti V3. This vulnerability resides in the login.php administration panel, allowing unauthenticated attackers to gain administrative access by exploiting SQL injection. Attackers can bypass authentication by injecting equals signs and 'or' operators into the username and password fields, thereby accessing the administration panel without valid credentials.

Impact

Exploitation of this vulnerability allows for unauthorized administrative access to the application.

Reproduction

To reproduce this vulnerability, navigate to the login.php administration panel. Enter '=' followed by 'or' in both the username and password fields. Submit the login form to gain access to the administration panel without valid credentials.

Added: Mar 12, 2026, 4:32 PM

Updated: Mar 12, 2026, 4:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jettweb PHP Hazir Haber Sitesi Authentication Bypass Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating