CVE-2019-25531

HIGH

Netartmedia Deals Portal - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25531. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary This exploit demonstrates a time-based SQL injection vulnerability in Netartmedia Deals Portal via the 'Email' POST parameter in loginaction.php. The payload uses XOR and sleep functions to confirm the vulnerability.

Description

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.

Exploits (1)

exploitdb WORKING POC

by Ahmet Ümit BAYRAM · textwebappsphp

https://www.exploit-db.com/exploits/46582

View Code ZIP pw:eip

This exploit demonstrates a time-based SQL injection vulnerability in Netartmedia Deals Portal via the 'Email' POST parameter in loginaction.php. The payload uses XOR and sleep functions to confirm the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Netartmedia Deals Portal (Latest)

No auth needed

Prerequisites: Access to the login endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Mar 12, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46582

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/netartmedia-deals-portal-lastest-sql-injection-via-loginaction-php

Scores

CVSS v3 8.2

EPSS 0.0030

EPSS Percentile 21.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Published Mar 12, 2026

Tracked Since Mar 12, 2026