PT-2026-24993 · Phpbusinessdirectory · Netartmedia Php Business Directory
Published
2026-03-12
·
Updated
2026-03-12
·
CVE-2019-25533
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Netartmedia PHP Business Directory version 4.2
Description
An SQL injection issue exists in Netartmedia PHP Business Directory version 4.2. Unauthenticated attackers can manipulate database queries by injecting SQL code through the
Email parameter. Attackers can send POST requests to the ''loginaction.php'' endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.Recommendations
Apply updates to address the issue in Netartmedia PHP Business Directory version 4.2.
As a temporary workaround, restrict access to the ''loginaction.php'' endpoint.
Sanitize the
Email parameter to prevent SQL injection attacks.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netartmedia Php Business Directory