Home / Vulnerability Intelligence / CVE-2019-25537

CVE-2019-25537 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 12, 2026

Netartmedia Event Portal - SQL Injection

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection caused by unsanitized input in the Email parameter in loginaction.php, letting unauthenticated attackers extract sensitive database information remotely.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information, leading to data disclosure and potential further compromise.

Mitigation

Update to the latest version or apply patches that sanitize SQL inputs in the Email parameter.

References

https://www.vulncheck.com/advisories/netartmedia-event-portal-sql-injection-via-loginaction-php
https://www.exploit-db.com/exploits/46560

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25537
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N