GCVE - cpe:2.3:a:web-ofisi:ticaret:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:web-ofisi:ticaret:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Web Ofisi (`801d000b-afe6-53e3-bffe-4ff0dae34adb`)
Product	Ticaret (`ea5a876f-e581-50ce-a40e-e8dfcc056e24`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-25461`	vulnerable	2026-06-08 05:13:42.404173	Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch HIGH (7.5) Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information. Published: 2026-02-22T14:12:15.148Z Updated: 2026-04-07T14:04:21.069Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/47140 https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-ajaxproductsfiltersearch	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-25460`	vulnerable	2026-06-08 05:13:42.402402	Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter HIGH (7.5) Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information. Published: 2026-02-22T14:12:14.220Z Updated: 2026-04-07T14:04:20.363Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/47140 https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html https://www.vulncheck.com/advisories/web-ofisi-platinum-e-ticaret-sql-injection-via-q-parameter	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-25455`	vulnerable	2026-06-08 05:13:42.395263	Web Ofisi E-Ticaret v3 SQL Injection via ara.html HIGH (7.5) Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information. Published: 2026-02-22T14:12:09.573Z Updated: 2026-04-07T14:04:16.453Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/47139 https://www.web-ofisi.com/detay/e-ticaret-v3-sanal-pos.html https://www.vulncheck.com/advisories/web-ofisi-e-ticaret-sql-injection-via-arahtml	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.