CVE-2019-25543

Name of the Vulnerable Software and Affected Versions Netartmedia Real Estate Portal version 5.0

Description The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the page parameter. By submitting POST requests to the ''index.php'' endpoint with malicious SQL payloads in the page field, attackers can bypass authentication, extract sensitive data, or modify database contents. The page parameter is the entry point for this manipulation.

Recommendations Apply a fix to sanitize the page parameter in POST requests to the ''index.php'' endpoint.