CVE-2019-25541

Description

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.

PUBLISHED Reserved 2026-03-12 | Published 2026-03-12 | Updated 2026-03-12 | Assigner VulnCheck

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Credits

Ahmet Ümit BAYRAM finder

References

www.exploit-db.com/exploits/46562 (ExploitDB-46562) exploit

www.vulncheck.com/...media-php-mall-multiple-sql-injection-2 (VulnCheck Advisory: Netartmedia PHP Mall 4.1 Multiple SQL Injection) third-party-advisory

cve.org (CVE-2019-25541)

nvd.nist.gov (CVE-2019-25541)

Download JSON