Netartmedia PHP Car Dealer SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Netartmedia PHP Car Dealer. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Exploitation involves sending POST requests to index.php with crafted SQL payloads in the features[] parameter, potentially leading to the extraction of sensitive database information or manipulation of database queries.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to extract or manipulate database information.

Reproduction

To reproduce this vulnerability, send a POST request to index.php with a payload in the features[] parameter that includes malicious SQL code. The injected SQL will be executed by the application's database, allowing the attacker to manipulate or extract data.