CVE-2019-25536

Name of the Vulnerable Software and Affected Versions Netartmedia PHP Real Estate Agency version 4.0

Description The software contains an SQL injection flaw. Unauthenticated attackers can execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to the ''index.php'' endpoint with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.

Recommendations Apply a fix to sanitize the features[] parameter in POST requests to the ''index.php'' endpoint.