Web-ofisi CVEs & Vulnerabilities

8 CVEs affecting Web-ofisi products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

e-ticaret 2emlak 2firma rehberi 1platinum e-ticaret 1firma 1ticaret 1
CVE-2018-25210MEDIUM

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.

26 Mar 2026
6.1
CVSS
CVE-2019-25461HIGH

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.

22 Feb 2026
7.5
CVSS
CVE-2019-25460HIGH

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.

22 Feb 2026
7.5
CVSS
CVE-2019-25459CRITICAL

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.

22 Feb 2026
9.8
CVSS
CVE-2019-25458CRITICAL

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.

22 Feb 2026
9.8
CVSS
CVE-2019-25457HIGH

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.

22 Feb 2026
7.5
CVSS
CVE-2019-25456CRITICAL

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.

22 Feb 2026
9.1
CVSS
CVE-2019-25455HIGH

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.

22 Feb 2026
7.5
CVSS
← PrevPage 1 / 1Next →