CVE-2019-25458
Web Ofisi · Firma Rehberi
Web Ofisi Firma Rehberi v1 is vulnerable to an unauthenticated SQL injection through various GET parameters, allowing attackers to manipulate database queries.
Executive summary
An unauthenticated SQL injection vulnerability in Web Ofisi Firma Rehberi v1 allows remote attackers to compromise the confidentiality and integrity of the system's database.
Vulnerability
Multiple GET parameters in the application are susceptible to SQL injection. An unauthenticated attacker can craft malicious URLs to execute arbitrary SQL commands against the backend database.
Business impact
Exploitation could lead to the total exposure of the firm directory database, including sensitive contact and business information. The High severity rating (CVSS 8.2) reflects the ease of exploitation and the significant impact on data privacy.
Remediation
Immediate Action: Apply the official security patches from Web Ofisi to remediate the vulnerable GET parameters.
Proactive Monitoring: Monitor web server logs for suspicious GET requests containing SQL keywords like SELECT, UNION, or DROP.
Compensating Controls: Implement input validation at the application level and use a WAF to filter out malicious SQL patterns in URL strings.
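Added example (not from the advisory or the vendor): a small Python scanner for the log-monitoring step above, run over constructed access-log lines. The IPs, paths and parameter names are invented, since the advisory does not name the affected parameters; the rules look for SQL structure (UNION ... SELECT, quote-tautologies, stacked statements) after URL-decoding, so a plain word like "select" in a search term is not reported.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in combined access-log format; hosts, paths and
# parameter names are made up for illustration and are not taken from the product.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:12:00:01 +0000] "GET /firma.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:12:00:02 +0000] "GET /firma.php?id=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:12:00:03 +0000] "GET /kategori.php?kat=3'+or+'1'%3D'1 HTTP/1.1" 200 4100
198.51.100.2 - - [10/Jan/2024:12:00:04 +0000] "GET /ara.php?q=select+the+best+firm HTTP/1.1" 200 900
198.51.100.3 - - [10/Jan/2024:12:00:05 +0000] "POST /login.php HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Structural SQL patterns rather than bare keywords, so the word "select" in
# ordinary text is not reported while "UNION SELECT" or "' or '1'='1" is.
RULES = [
    ("union-select", re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I)),
    ("tautology", re.compile(r"['\"]\s*(?:OR|AND)\s+['\"]?\w+['\"]?\s*=", re.I)),
    ("stacked-statement", re.compile(r";\s*(?:DROP|DELETE|INSERT|UPDATE|ALTER)\b", re.I)),
    ("comment-terminator", re.compile(r"(?:--|/\*)\s*$")),
    ("time-based", re.compile(r"\b(?:SLEEP|BENCHMARK|WAITFOR)\s*\(", re.I)),
]


def scan_line(line):
    """Return (ip, param, rule) findings for one access-log line; GET requests only."""
    m = REQUEST_RE.match(line)
    if not m or m.group("method") != "GET":
        return []
    findings = []
    # parse_qsl percent- and plus-decodes each value; decoding once more means a
    # double-encoded payload (e.g. %2520 for a space) does not slip past the rules.
    for name, value in parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True):
        value = unquote_plus(value)
        for rule_name, pattern in RULES:
            if pattern.search(value):
                findings.append((m.group("ip"), name, rule_name))
                break  # one finding per parameter value is enough for triage
    return findings


def scan_log(text):
    """Scan a whole log; returns one finding per suspicious GET parameter value."""
    return [f for line in text.splitlines() if line.strip() for f in scan_line(line)]


if __name__ == "__main__":
    for ip, param, rule in scan_log(SAMPLE_LOG):
        print(f"{ip}\tparam={param}\trule={rule}")
```

This is detection only and will miss payloads outside these patterns; the durable fix remains the vendor patch together with parameterized queries in the application.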
Exploitation status
Public Exploit Available: false
Analyst recommendation
IT teams must prioritize patching this vulnerability, as SQL injection via GET parameters is one of the most frequently exploited web flaws. Failure to secure these inputs could result in a significant data breach with minimal effort from an attacker.