Home / Vulnerability Intelligence / CVE-2019-25641

CVE-2019-25641 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 24, 2026

Netartmedia Vlog System - SQL Injection

Published: March 24, 2026Updated: March 24, 2026Remote Exploitable

Overview

Netartmedia Vlog System contains an sql injection caused by unsanitized input in the email parameter in the forgotten_password module, letting unauthenticated attackers extract sensitive database information via crafted POST requests to index.php.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information, potentially compromising the entire database.

Mitigation

Update to the latest version with SQL injection fixes or apply appropriate input sanitization and parameterized queries.

References

https://www.vulncheck.com/advisories/netartmedia-vlog-system-lastest-sql-injection-via-email-parameter
https://www.exploit-db.com/exploits/46583
https://www.netartmedia.net/vlogsystem/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25641
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N