Netart Media · Netart Media Real Estate Portal · CVE-2009-4600
**Name of the Vulnerable Software and Affected Versions**
NetArt Media Real Estate Portal version 2.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Email` parameter, also referred to as the `username` field, in the `/loginaction.php` endpoint.
**Recommendations**
For NetArt Media Real Estate Portal version 2.0, consider restricting access to the `/loginaction.php` endpoint until a patch is available, and avoid using the `Email` parameter in this endpoint to minimize the risk of exploitation.