Description
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure & Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an SQL Injection in Netartmedia Jobs Portal 6.1 that occurs in loginaction.php through the Email parameter. Attackers can send crafted POST requests containing malicious SQL code. This allows unauthenticated users to read sensitive data from the database or bypass authentication, resulting in data theft and unauthorized access. The weakness is identified as CWE-89.

Affected Systems

The affected product is Netartmedia Jobs Portal version 6.1. No other versions or vendors are listed in the CNA data. The SQL injection specifically targets the loginaction.php script used for user login.

Risk and Exploitability

The CVSS 4.0 score is 8.8 (the CVSS 3.1 score is 8.2), indicating a high-severity vulnerability. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is a web-based POST request to loginaction.php, which does not require authentication. Attackers can exploit the flaw by sending malicious payloads in the Email field; no additional prerequisites are stated in the description. Overall, severity is high but the estimated likelihood of exploitation is low.

Generated by OpenCVE AI on March 18, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Netartmedia’s official website or support channel for a security patch or updated release that addresses the SQL injection issue.
  • If a patch is available, download and apply it immediately to the Jobs Portal instance.
  • If no patch is available, implement input validation on the Email field, enforce parameterized queries, or sanitize user input to prevent SQL injection.
  • Consider restricting access to the loginaction.php endpoint or adding authentication for that endpoint in the meantime.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Netartmedia; Netartmedia jobs Portal
Vendors & Products | | Netartmedia; Netartmedia jobs Portal

Thu, 12 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type | Values Removed | Values Added
Description | | Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
Title | | Netartmedia Jobs Portal 6.1 SQL Injection via loginaction.php
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:37:48.407Z

Reserved: 2026-03-12T14:24:07.637Z

Link: CVE-2019-25532

Vulnrichment

Updated: 2026-03-12T16:37:38.936Z

NVD

Status: Awaiting Analysis

Published: 2026-03-12T16:16:07.200

Modified: 2026-03-12T21:07:53.427

Link: CVE-2019-25532

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:13Z

Weaknesses