Home / Vulnerability Intelligence / CVE-2019-25533

CVE-2019-25533 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 12, 2026

Netartmedia PHP Business Directory - SQL Injection

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Netartmedia PHP Business Directory 4.2 contains an sql injection caused by unsanitized Email parameter in loginaction.php, letting unauthenticated attackers extract sensitive data or bypass authentication via crafted POST requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information or bypass authentication, compromising data confidentiality and system access.

Mitigation

Update to the latest version of Netartmedia PHP Business Directory.

References

https://www.exploit-db.com/exploits/46577
https://www.vulncheck.com/advisories/netartmedia-php-business-directory-sql-injection-via-loginaction-php

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25533
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N