Unrated severityNVD Advisory· Published Mar 26, 2026· Updated Mar 28, 2026

WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter

CVE-2018-25210

Description

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.

Affected products

Web Ofisi/Ticaretllm-fuzzy
Range: = 4.0
Web-Ofisi/Ticaret V4v5
Range: 4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/45897mitreexploit
www.vulncheck.com/advisories/webofisi-e-ticaret-sql-injection-via-urun-parametermitrethird-party-advisory
drive.google.com/file/d/1ZghFSsYto-Vpv3PXunx8xm2g-Gs3HJwz/viewmitreproduct
www.web-ofisi.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000