SQL Injection in Jettweb Rent A Car Scripti
CVE-2019-25488
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur'…
Vulnerability class: SQL Injection
EPSS: 0.001 (31.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
Affected products
- Jettweb Rent A Car Scripti — versions 4.0
Weakness classification (CWE)
References
- ExploitDB-46614 (exploit)
- VulnCheck Advisory: Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin (third-party-advisory)
Frequently asked questions
- What is CVE-2019-25488?
- CVE-2019-25488 is a high-severity vulnerability in Jettweb Rent A Car Scripti, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-03-12.
- How severe is CVE-2019-25488?
- High severity. CVSS v3 base score is 8.2 out of 10.