The Netartmedia PHP Dating Site is vulnerable to a classic SQL injection flaw in the Email parameter of loginaction.php. An attacker can send specially crafted POST requests containing time‑based SQL injection payloads to the Email field, causing the application to execute arbitrary SQL code stored on the database. This flaw allows the attacker to read sensitive data from the database, thereby compromising confidentiality of user records. The vulnerability maps to CWE‑89 (SQL Injection) and carries a CVSS score of 8.8, indicating a high impact security weakness.

The affected product is Netartmedia Php Dating Site. No specific version numbers are provided in the publicly available data, so any installation of the Netartmedia PHP Dating Site that includes the loginaction.php endpoint is potentially vulnerable unless the application has been updated or patched after the disclosure.

The environmental EPSS score is reported to be less than 1%, suggesting that exploitation in the wild may be rare, and the vulnerability is not currently listed in the CISA KEV catalog. Nevertheless, the attack vector is straightforward: unauthenticated users can issue standard HTTP POST requests to the exposed loginaction.php page. Because the payload can be delivered over the public network without prior authentication, the risk to sensitive user data is high for any site that remains accessible and unpatched. The high CVSS score underscores the severity of potential data loss if exploited.