CVE-2019-25541

HIGH

Netartmedia PHP Mall 4.1 - SQL Injection

Title source: llm

Description

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ahmet Ümit BAYRAM · textwebappsphp

https://www.exploit-db.com/exploits/46562

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/46562

[Third Party Advisory] https://www.vulncheck.com/advisories/netartmedia-php-mall-multiple-sql-injection-2

Scores

CVSS v3 8.2

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CWE

CWE-89

Status published

Products (1)

netartmedia/php_mall 4.1

Published Mar 12, 2026

Tracked Since Mar 12, 2026