CVE-2019-25533
Description
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in Netartmedia PHP Business Directory 4.2 via Email parameter in loginaction.php allows data extraction or authentication bypass.
Vulnerability Description
Netartmedia PHP Business Directory 4.2 is affected by an SQL injection vulnerability (CWE-89) in the loginaction.php endpoint. The Email parameter is not properly sanitized before being used in a database query, allowing an unauthenticated attacker to inject arbitrary SQL commands [1].
Exploitation
Attackers can exploit this vulnerability by sending a POST request to loginaction.php with a crafted Email parameter. The exploit does not require authentication or any special privileges. Public proof-of-concept code is available, demonstrating the injection using a time-based blind technique [2].
Impact
Successful exploitation enables attackers to extract sensitive data from the database, such as user credentials, or bypass the authentication mechanism entirely. The CVSS v4 score of 8.2 (High) reflects the low complexity and network attack vector, with high confidentiality impact [1].
Mitigation
As of the publication date, no official patch has been released. Users are advised to upgrade to a later version if available or apply input validation filtering to the Email parameter. The vendor's website (phpbusinessdirectory.com) may provide updates [1].
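One way to apply the input validation named above, paired with a bound query parameter so the Email value never becomes part of the SQL text. This is an added example, not the vendor's code or anything from the cited references; the `users` table, its columns and the function names are hypothetical, and it assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the login lookup behind loginaction.php.
// Table and column names are assumptions, not the product's schema.

function normalize_email(mixed $raw): ?string
{
    // Reject non-string input (e.g. Email[]=...) and oversized values early.
    if (!is_string($raw) || strlen($raw) > 254) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : strtolower($email);
}

function authenticate(PDO $db, mixed $rawEmail, mixed $rawPassword): bool
{
    $email = normalize_email($rawEmail);
    if ($email === null || !is_string($rawPassword)) {
        return false; // rejected before touching the database
    }
    // Bound parameter: the value is sent as data, never spliced into the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($rawPassword, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['owner@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs covering the accept path and three reject paths.
$cases = [
    ['owner@example.com', 'correct horse'],   // valid login
    ['owner@example.com', 'wrong'],           // wrong password
    ["o'brien@example.com", 'anything'],      // a well-formed address may contain a quote
    [['owner@example.com'], 'correct horse'], // array-typed POST field
];
foreach ($cases as [$email, $password]) {
    var_dump(authenticate($db, $email, $password));
}
```

The third case is why validation alone is not sufficient: a syntactically valid address can still carry a quote character, so the bound parameter is what keeps the query structure fixed.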
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: = 4.2
Patches (0)
No patches discovered yet.
References (2)