Description
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection leading to data exfiltration and integrity compromise
Action: Immediate Patch
AI Analysis

Impact

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to insert malicious SQL into the user_email parameter. This flaw can be used to bypass authentication, read sensitive database contents, or modify data, resulting in confidentiality and integrity loss. The weakness is a classic input validation error, categorized as CWE-89.

Affected Systems

The affected system is Netartmedia Real Estate Portal version 5.0, specifically the index.php script that processes the user_email field in POST requests.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while an EPSS score of less than 1% suggests a low probability of exploitation today. It is not listed in the CISA KEV catalog. Attackers can remotely exploit the flaw via HTTP POST to index.php from an external network, with no authentication required.

Generated by OpenCVE AI on March 17, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Netartmedia’s website or vendor portal for a security patch or update for Real Estate Portal 5.0 and apply it as soon as possible.
  • Until a patch is available, restrict external access to the index.php endpoint using firewall rules or web‑application firewall (WAF) to mitigate potential exploitation.
  • As an additional precaution, consider changing database credentials to reduce privileges or disabling unused database functions.
  • Monitor logs for unusual POST activity to index.php and review database access logs for suspicious queries.

Generated by OpenCVE AI on March 17, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents.
Title Netartmedia Real Estate Portal 5.0 SQL Injection via index.php
First Time appeared Netartmedia
Netartmedia real Estate Portal
Weaknesses CWE-89
CPEs cpe:2.3:a:netartmedia:real_estate_portal:5.0:*:*:*:*:*:*:*
Vendors & Products Netartmedia
Netartmedia real Estate Portal
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Netartmedia Real Estate Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:09:36.428Z

Reserved: 2026-03-12T14:28:05.216Z

Link: CVE-2019-25542

cve-icon Vulnrichment

Updated: 2026-03-12T16:09:29.067Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T16:16:09.297

Modified: 2026-03-17T20:24:17.740

Link: CVE-2019-25542

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:04Z

Weaknesses