Description
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information including user credentials and system data.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Breach via SQL Injection
Action: Immediate Patch
AI Analysis

Impact

Netartmedia PHP Mall 4.1 contains multiple SQL injection flaws that enable any unauthenticated attacker to embed malicious SQL code into inbound parameters. By crafting crafted requests, an attacker can alter the intended database queries and retrieve sensitive data such as user credentials and system configuration. The vulnerability compromises the confidentiality of stored information and may allow further manipulation of database contents, potentially leading to unauthorized access or data tampering.

Affected Systems

The affected product is Netartmedia PHP Mall version 4.1. No other versions or variations are specified, and the vendor explicitly identifies this single release as vulnerable.

Risk and Exploitability

The vulnerability scores a CVSS score of 8.8, indicating high severity and a significant potential impact on data integrity and confidentiality. The EPSS score is reported as under 1%, suggesting a low current exploit probability, and the flaw is not listed in the CISA KEV catalogue. The likely attack vector is an unauthenticated HTTP request to the web application, where the attacker can supply malicious payloads through user input fields before authentication is required.

Generated by OpenCVE AI on March 23, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to the latest supported version of Netartmedia PHP Mall.
  • If a patch is unavailable, disable or protect the vulnerable endpoints by restricting access to trusted IP addresses or networks.
  • Deploy a Web Application Firewall to detect and block SQL injection attempts.
  • Monitor application logs for suspicious query activity and unauthorized data access attempts.
  • Review and enforce least‑privilege database permissions for application users.

Generated by OpenCVE AI on March 23, 2026 at 14:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:netartmedia:php_mall:4.1:*:*:*:*:*:*:*

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Netartmedia
Netartmedia php Mall
Vendors & Products Netartmedia
Netartmedia php Mall

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information including user credentials and system data.
Title Netartmedia PHP Mall 4.1 Multiple SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Netartmedia Php Mall
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:19:03.624Z

Reserved: 2026-03-12T14:27:44.011Z

Link: CVE-2019-25540

cve-icon Vulnrichment

Updated: 2026-03-12T16:18:53.960Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:08.870

Modified: 2026-03-23T13:32:39.570

Link: CVE-2019-25540

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:39:48Z

Weaknesses