CVE-2019-25533
HIGH
Netartmedia PHP Business Directory 4.2 - SQL Injection
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-25533. PoCs published by Ahmet Ümit BAYRAM.
AI-analyzed exploit summary
This is a functional SQL injection exploit for Netartmedia PHP Business Directory 4.2, targeting the 'Email' parameter in the login action. The payload uses a time-based blind SQLi technique with XOR and sleep functions to confirm vulnerability.
Description
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
Exploits (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N