Web-ofisi Vulnerabilities
Comprehensive security vulnerability database for Web-ofisi products
7
0
6
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2019-25461 | 8.8 | This vulnerability allows attackers to access sensitive information from the database by sending specially crafted requests to a specific endpoint without needing to log in. They can exploit this flaw by injecting harmful SQL code through a search parameter, making it possible to retrieve data that should be protected. | web-ofisiticaret | Exploit Available | about 1 month agoFeb 22, 2026 |
| CVE-2019-25460 | 8.8 | This vulnerability allows attackers to access sensitive information from the database by sending specially crafted requests to the web application without needing to log in. It specifically targets the 'q' parameter in search queries, enabling attackers to manipulate the database and extract data using time-based techniques. | web-ofisiplatinum e-ticaret | Exploit Available | about 1 month agoFeb 22, 2026 |
| CVE-2019-25459 | 8.8 | This vulnerability allows attackers to manipulate database queries on the Web Ofisi Emlak platform, enabling them to access sensitive information or execute harmful commands without needing to log in. It can be exploited by sending specially crafted requests with specific parameters, making it a serious risk for any site using this software. | web-ofisiemlak | Exploit Available | about 1 month agoFeb 22, 2026 |
| CVE-2019-25458 | 8.8 | This vulnerability allows attackers to access and manipulate the database of the Web Ofisi Firma Rehberi application without needing to log in, simply by sending specially crafted requests with malicious code in certain URL parameters. If exploited, attackers can extract sensitive information from the database or execute harmful commands, posing a significant risk to the application's data security. | web-ofisifirma rehberi | Theoretical | about 1 month agoFeb 22, 2026 |
| CVE-2019-25457 | 8.8 | This vulnerability allows attackers to access sensitive information from the database by sending specially crafted requests to the web application without needing to log in. They can exploit this flaw by manipulating a specific parameter in the URL, making it possible to extract data through clever SQL code injections. | web-ofisifirma | Exploit Available | about 1 month agoFeb 22, 2026 |
| CVE-2019-25456 | 8.8 | This vulnerability allows attackers to access and manipulate the database of the Web Ofisi Emlak application without needing to log in, simply by sending specially crafted requests through a specific URL parameter. By exploiting this flaw, they can extract sensitive information or even disrupt the service, making it critical for users to secure their systems. | web-ofisiemlak | Exploit Available | about 1 month agoFeb 22, 2026 |
| CVE-2019-25455 | 8.8 | This vulnerability allows attackers to access sensitive information from the database by sending specially crafted requests with malicious input, without needing to log in. It affects the Web Ofisi E-Ticaret v3 product, and attackers can exploit it simply by manipulating a specific part of the URL. | web-ofisie-ticaret | Exploit Available | about 1 month agoFeb 22, 2026 |
About Web-ofisi Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Web-ofisi products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.