{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25541", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-12T14:27:50.258Z", "datePublished": "2026-03-12T15:37:11.533Z", "dateUpdated": "2026-03-12T16:06:24.385Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:37:11.533Z"}, "datePublic": "2019-03-19T00:00:00.000Z", "title": "Netartmedia PHP Mall 4.1 Multiple SQL Injection", "descriptions": [{"lang": "en", "value": "Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Netartmedia", "product": "Netartmedia PHP Mall", "versions": [{"version": "4.1", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46562", "name": "ExploitDB-46562", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: Netartmedia PHP Mall 4.1 Multiple SQL Injection", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/netartmedia-php-mall-multiple-sql-injection-2"}], "credits": [{"lang": "en", "value": "Ahmet \u00dcmit BAYRAM", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T16:04:26.418640Z", "id": "CVE-2019-25541", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:06:24.385Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25541", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T16:04:26.418640Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:06:02.940Z"}}], "cna": {"title": "Netartmedia PHP Mall 4.1 Multiple SQL Injection", "credits": [{"lang": "en", "type": "finder", "value": "Ahmet \u00dcmit BAYRAM"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Netartmedia", "product": "Netartmedia PHP Mall", "versions": [{"status": "affected", "version": "4.1"}]}], "datePublic": "2019-03-19T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46562", "name": "ExploitDB-46562", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/netartmedia-php-mall-multiple-sql-injection-2", "name": "VulnCheck Advisory: Netartmedia PHP Mall 4.1 Multiple SQL Injection", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:37:11.533Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25541", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:06:24.385Z", "dateReserved": "2026-03-12T14:27:50.258Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-12T15:37:11.533Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netartmedia:php_mall:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB935AAC-442B-44E4-B0E3-5153D22199C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information."}, {"lang": "es", "value": "Netartmedia PHP Mall 4.1 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL que permiten a atacantes no autenticados manipular consultas a la base de datos a trav\u00e9s de par\u00e1metros no validados. Los atacantes pueden inyectar cargas \u00fatiles de SQL ciega basada en tiempo a trav\u00e9s del par\u00e1metro 'id' en index.php o el par\u00e1metro 'Email' en loginaction.php para extraer informaci\u00f3n sensible de la base de datos."}], "id": "CVE-2019-25541", "lastModified": "2026-03-23T13:28:35.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-12T16:16:09.083", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46562"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/netartmedia-php-mall-multiple-sql-injection-2"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Netartmedia PHP Mall", "source": "cna", "vendor": "Netartmedia"}, "product": "php_mall", "vendor": "netartmedia"}], "analysis": {"en": {"generated_at": "2026-03-23T14:38:43.968031+00:00", "value": {"mitigation_remediation": ["Check for and apply any vendor\u2011issued patch for Netartmedia PHP Mall 4.1. If a patch is not available, block or mitigate the vulnerable parameters using a Web Application Firewall rule that detects SQL injection patterns on the 'id' and 'Email' inputs. Limit public access to index.php and loginaction.php by requiring stricter authentication or moving them behind protected access controls. Monitor web server logs for suspicious activity and investigate any abnormal query patterns that may indicate injection attempts."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection enabling access to sensitive database information"}, "threat_synthesis": {"affected_systems": "The affected product is Netartmedia PHP Mall version 4.1. No other versions or vendor products are listed as vulnerable.", "description_and_impact": "Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow an unauthenticated attacker to manipulate database queries through the unvalidated 'id' parameter in index.php or the 'Email' parameter in loginaction.php, enabling extraction of sensitive database content via time\u2011based blind SQL payloads. The impact of successful exploitation is the potential disclosure of confidential data stored in the application database, possibly compromising customer personal information and transactional data.", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.8, indicating high severity, while the EPSS score is less than 1%, suggesting a low probability of widespread exploitation in the near term. It is not listed in the CISA KEV catalog. Exploitation requires only unauthenticated web access and can be performed directly by crafting HTTP requests to the vulnerable parameters, making the attack vector straightforward and potentially automated."}}}}, "created": "2026-03-13T09:51:17.737459+00:00", "updated": "2026-03-24T10:39:47.465518+00:00", "vendors": ["netartmedia", "netartmedia$PRODUCT$php_mall"]}