Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Sun, 12 Apr 2026 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data. | |
| Title | Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-04-12T12:28:49.056Z
Reserved: 2026-04-05T15:36:33.509Z
Link: CVE-2019-25699
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-04-12T13:16:32.770
Modified: 2026-04-12T13:16:32.770
Link: CVE-2019-25699
Redhat
No data.
OpenCVE Enrichment
No data.