Description
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection enabling access to sensitive database information
Action: Immediate Patch
AI Analysis

Impact

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow an unauthenticated attacker to manipulate database queries through the unvalidated 'id' parameter in index.php or the 'Email' parameter in loginaction.php, enabling extraction of sensitive database content via time‑based blind SQL payloads. The impact of successful exploitation is the potential disclosure of confidential data stored in the application database, possibly compromising customer personal information and transactional data.

Affected Systems

The affected product is Netartmedia PHP Mall version 4.1. No other versions or vendor products are listed as vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.8, indicating high severity, while the EPSS score is less than 1%, suggesting a low probability of widespread exploitation in the near term. It is not listed in the CISA KEV catalog. Exploitation requires only unauthenticated web access and can be performed directly by crafting HTTP requests to the vulnerable parameters, making the attack vector straightforward and potentially automated.

Generated by OpenCVE AI on March 23, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any vendor‑issued patch for Netartmedia PHP Mall 4.1.
  • If a patch is not available, block or mitigate the vulnerable parameters using a Web Application Firewall rule that detects SQL injection patterns on the 'id' and 'Email' inputs.
  • Limit public access to index.php and loginaction.php by requiring stricter authentication or moving them behind protected access controls.
  • Monitor web server logs for suspicious activity and investigate any abnormal query patterns that may indicate injection attempts.

Generated by OpenCVE AI on March 23, 2026 at 14:38 UTC.
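
The log-monitoring action above, sketched as an added example (not OpenCVE or vendor code): it flags access-log requests to index.php or loginaction.php whose 'id' or 'Email' value carries time-delay SQL functions or SQL metacharacters. Assumptions: Common/Combined Log Format, the parameter is visible in the logged request line, and 'id' is normally numeric; the patterns are heuristics and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameter named in the advisory (compared case-insensitively).
WATCHED = {"index.php": "id", "loginaction.php": "email"}

# Heuristic indicators: delay primitives used by time-based blind injection,
# and quote/comment tokens that rarely appear in an id or an e-mail address.
DELAY = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
META = re.compile(r"'|--|/\*")

# Request field of a Common/Combined Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect(line):
    """Return (script, parameter, reason) for a suspicious line, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    wanted = WATCHED.get(script)
    if wanted is None:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() != wanted:
            continue
        if DELAY.search(value):
            return (script, name, "delay-function")
        if META.search(value):
            return (script, name, "sql-metacharacter")
        # Assumption (not stated in the advisory): a legitimate id is all digits.
        if wanted == "id" and not value.isdigit():
            return (script, name, "non-numeric-id")
    return None

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2026:16:20:01 +0000] "GET /index.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2026:16:20:05 +0000] "GET /index.php?id=42%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2026:16:20:11 +0000] "GET /loginaction.php?Email=a%40example.com%27-- HTTP/1.1" 302 0',
    '203.0.113.4 - - [12/Mar/2026:16:21:00 +0000] "GET /about.php?id=x%27 HTTP/1.1" 200 900',
]

def scan(lines):
    return [hit for hit in map(inspect, lines) if hit]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Default access logs do not record POST bodies, so an 'Email' value submitted in a login form is only visible to a WAF or to application-level request logging.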


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 13:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:netartmedia:php_mall:4.1:*:*:*:*:*:*:*

Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Netartmedia; Netartmedia php Mall
Vendors & Products | | Netartmedia; Netartmedia php Mall

Thu, 12 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 16:00:00 +0000

Type | Values Removed | Values Added
Description | | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
Title | | Netartmedia PHP Mall 4.1 Multiple SQL Injection
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
Metrics | | cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:06:24.385Z

Reserved: 2026-03-12T14:27:50.258Z

Link: CVE-2019-25541

Vulnrichment

Updated: 2026-03-12T16:06:02.940Z

NVD

Status: Analyzed

Published: 2026-03-12T16:16:09.083

Modified: 2026-03-23T13:28:35.610

Link: CVE-2019-25541

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:39:47Z

Weaknesses