PT-2026-24996 · Netart Media · Netartmedia Php Real Estate Agency

Published

2026-03-12

Updated

2026-03-12

CVE-2019-25536

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Netartmedia PHP Real Estate Agency version 4.0

Description The software contains an SQL injection flaw. Unauthenticated attackers can execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to the ''index.php'' endpoint with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.

Recommendations Apply a fix to sanitize the features[] parameter in POST requests to the ''index.php'' endpoint.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-25536

Affected Products

Netartmedia Php Real Estate Agency

PT-2026-24996 · Netart Media · Netartmedia Php Real Estate Agency

CVE-2019-25536

Weakness Enumeration

Related Identifiers

Affected Products

References · 3