Netartmedia PHP Business Directory SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Netartmedia PHP Business Directory version 4.2. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Exploitation involves sending POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field, potentially leading to the extraction of sensitive database information or bypassing authentication.
Impact
Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could result in unauthorized data access, data manipulation, or bypassing authentication mechanisms.
Reproduction
To reproduce this vulnerability, send a POST request to the loginaction.php endpoint. Include a crafted SQL payload in the Email parameter. The injected SQL code can be designed to extract database information or exploit authentication processes.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.