Description
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary SQL execution via unauthenticated SQL injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection in the features[] parameter of Netartmedia PHP Real Estate Agency 4.0. An attacker can send a crafted POST request to index.php and inject arbitrary SQL. This allows extraction of sensitive database contents or modification of data, compromising confidentiality, integrity, and potentially availability of the real‑estate portal.

Affected Systems

The flaw affects Netartmedia PHP Real Estate Agency version 4.0 deployed as a web application by the Netartmedia vendor.

Risk and Exploitability

The CVSS 4.0 score of 8.8 indicates high severity. EPSS is below 1%, suggesting a low current probability of exploitation, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is an unauthenticated HTTP POST to the index.php endpoint, which is how the description says the payload is sent.

Generated by OpenCVE AI on April 7, 2026 at 09:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for an official patch or newer release and apply it immediately.
  • If a patch is not available, restrict or disable the features[] parameter and implement proper input validation to prevent SQL injection.
  • Deploy a Web Application Firewall to filter and block malicious SQL payloads targeting the index.php endpoint.
  • Monitor web server logs for suspicious POST requests to index.php and investigate any anomalies.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Netartmedia real Estate Portal |
| CPEs | | cpe:2.3:a:netartmedia:real_estate_portal:4.0:*:*:*:*:*:*:* |
| Vendors & Products | | Netartmedia real Estate Portal |

Fri, 13 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Netartmedia; Netartmedia php Real Estate Agency |
| Vendors & Products | | Netartmedia; Netartmedia php Real Estate Agency |

Thu, 12 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 12 Mar 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries. |
| Title | | Netartmedia PHP Real Estate Agency 4.0 SQL Injection via features parameter |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:26:31.922Z

Reserved: 2026-03-12T14:25:10.051Z

Link: CVE-2019-25536

Vulnrichment

Updated: 2026-03-12T16:26:16.653Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:07.970

Modified: 2026-04-07T01:17:57.890

Link: CVE-2019-25536

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:02:38Z

Weaknesses