CVE-2019-25534

Name of the Vulnerable Software and Affected Versions Netartmedia PHP Car Dealer (affected versions not specified)

Description The software contains an SQL injection flaw that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can send POST requests to the ''index.php'' endpoint with malicious SQL payloads injected through the features[] parameter. This could allow attackers to extract sensitive database information or manipulate database queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.