Description
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Breach
Action: Immediate Patch
AI Analysis

Impact

The application includes a time‑based blind SQL injection vulnerability in the loginaction.php script, within the Email input field, that allows an attacker to execute arbitrary SQL statements. This flaw is a classic injection (CWE-89) and could enable an unauthenticated user to extract sensitive database contents, compromising confidentiality and potentially providing a foothold for further attacks.

Affected Systems

The vulnerability affects Netartmedia Event Portal 2.0, as identified in the product list. No sub‑version details were provided, so all installations of this product that contain the loginaction.php file are potentially vulnerable.

Risk and Exploitability

The CVSS base score is 8.8, classifying the flaw as high severity. The EPSS score indicates a low exploitation probability (<1%), and the vulnerability does not appear in the CISA KEV catalog. The attack vector is inferred to be remote, via unauthenticated HTTP POST requests to loginaction.php with crafted Email payloads; exploitation requires monitoring time delays to infer database information.

Generated by OpenCVE AI on March 18, 2026 at 15:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any available Netartmedia Event Portal 2.0 patch or update from the vendor website.
  • If no patch exists, block external POST access to loginaction.php using web server access controls or a firewall.
  • Deploy a Web Application Firewall rule to detect and block SQL injection patterns targeting the Email parameter.

Generated by OpenCVE AI on March 18, 2026 at 15:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Netartmedia
Netartmedia event Portal
Vendors & Products Netartmedia
Netartmedia event Portal

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information.
Title Netartmedia Event Portal 2.0 SQL Injection via loginaction.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Netartmedia Event Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:23:19.062Z

Reserved: 2026-03-12T14:25:27.642Z

Link: CVE-2019-25537

cve-icon Vulnrichment

Updated: 2026-03-12T16:23:15.405Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T16:16:08.180

Modified: 2026-03-12T21:07:53.427

Link: CVE-2019-25537

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:08Z

Weaknesses