Description
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection – potential data disclosure or manipulation
Action: Patch Immediately
AI Analysis

Impact

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows an unauthenticated attacker to execute arbitrary SQL queries by injecting malicious code through the features[] parameter in a POST request to index.php. The vulnerability can be exploited to extract sensitive database information or to modify database queries, thereby compromising the confidentiality and integrity of the application’s data. The weakness is identified as CWE‑89.

Affected Systems

The vulnerability applies to the Netartmedia PHP Car Dealer product. No specific version information is provided in the CVE data, so all current installations may be affected until an official fix is applied.

Risk and Exploitability

The CVSS score is 8.8, indicating a high severity assessment. The EPSS score is reported as less than 1 %, suggesting a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires only a remote HTTP POST request containing a crafted payload in the features[] field, with no authentication or privileged access required. The attack vector is therefore remote, unauthenticated, and publicly reachable.

Generated by OpenCVE AI on March 18, 2026 at 15:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or security advisories for an official patch or update.
  • If no patch is available, restrict or remove the features[] parameter from public interfaces or configure the application to reject invalid input.
  • Sanitize and validate the features[] parameter on the server side, ensuring queries use prepared statements or proper escaping.
  • Monitor web and database logs for suspicious POST requests or anomalous query activity.
  • Apply network-level restrictions to limit exposure to trusted IP ranges if feasible.

Generated by OpenCVE AI on March 18, 2026 at 15:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Netartmedia
Netartmedia php Car Dealer
Vendors & Products Netartmedia
Netartmedia php Car Dealer

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
Title Netartmedia PHP Car Dealer SQL Injection via features parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Netartmedia Php Car Dealer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:30:38.938Z

Reserved: 2026-03-12T14:24:47.164Z

Link: CVE-2019-25534

cve-icon Vulnrichment

Updated: 2026-03-12T16:30:34.484Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T16:16:07.567

Modified: 2026-03-12T21:07:53.427

Link: CVE-2019-25534

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:11Z

Weaknesses