CVE-2019-25532

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Netartmedia Jobs Portal version 6.1

Description An SQL injection flaw exists in Netartmedia Jobs Portal version 6.1 that allows unauthenticated attackers to manipulate database queries. The issue is triggered by injecting SQL code through the Email parameter. Attackers can send POST requests to the ''loginaction.php'' endpoint with crafted SQL payloads in the Email field. This can lead to the extraction of sensitive database information or authentication bypass.

Recommendations Apply updates to address the SQL injection flaw in the Email parameter of the ''loginaction.php'' endpoint.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-25532

Affected Products

Netartmedia Jobs Portal

CVE-2019-25532

Weakness Enumeration

Related Identifiers

Affected Products

References · 3