CVE-2018-25210
WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
CVSS Score
8.2
EPSS Score
0.1%
EPSS Percentile
22th
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.
| CWE | CWE-79 |
| Vendor | web-ofisi |
| Product | ticaret v4 |
| Published | Mar 26, 2026 |
| Last Updated | Mar 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for web-ofisi ticaret v4
Be the first to know when new high vulnerabilities affecting web-ofisi ticaret v4 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
Web-Ofisi / Ticaret V4
4.0
References
exploit-db.com: https://www.exploit-db.com/exploits/45897 web-ofisi.com: https://www.web-ofisi.com drive.google.com: https://drive.google.com/file/d/1ZghFSsYto-Vpv3PXunx8xm2g-Gs3HJwz/view?usp=sharing vulncheck.com: https://www.vulncheck.com/advisories/webofisi-e-ticaret-sql-injection-via-urun-parameter
Credits
Özkan Mustafa Akkuş (AkkuS)