Netartmedia PHP Real Estate Agency SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Netartmedia PHP Real Estate Agency version 4.0. Unauthenticated attackers can execute arbitrary SQL queries by sending POST requests to index.php with crafted SQL in the features[] parameter, potentially extracting sensitive database information or manipulating database queries.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to extract or manipulate database information.

Reproduction

To reproduce this vulnerability, send a POST request to index.php with a crafted SQL payload in the features[] parameter. The payload can be designed to, for example, select data from the database or manipulate database queries. This can be done using tools like Burp Suite or by writing a custom script that sends the appropriate POST request.
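
On the defensive side, an array parameter such as features[] is only safe in a query when every element is validated and bound as its own placeholder. The PHP below is an added example, not code from PHP Real Estate Agency; the helper functions, the listing_features table and its columns, and the assumption that features[] carries numeric IDs are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; not code from PHP Real Estate Agency. Names are hypothetical.

/** Keep only decimal-digit values; assumes features[] carries numeric IDs. */
function sanitize_feature_ids(mixed $raw, int $max = 50): array
{
    if (!is_array($raw)) {
        return [];                       // features=abc instead of features[]=...
    }
    $ids = [];
    foreach ($raw as $value) {
        // Rejects nested arrays, signs, whitespace, quotes and comment markers.
        if (is_string($value) && strlen($value) <= 9 && ctype_digit($value)) {
            $ids[(int) $value] = true;   // array key de-duplicates
        }
    }
    return array_slice(array_keys($ids), 0, $max);
}

/** Bind each ID to its own placeholder; user data never enters the SQL text. */
function find_listings_by_features(PDO $db, array $featureIds): array
{
    if ($featureIds === []) {
        return [];                       // "IN ()" is a syntax error; nothing to match
    }
    $marks = implode(',', array_fill(0, count($featureIds), '?'));
    $stmt = $db->prepare(
        "SELECT DISTINCT listing_id FROM listing_features
         WHERE feature_id IN ($marks) ORDER BY listing_id"
    );
    $stmt->execute($featureIds);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listing_features (listing_id INTEGER, feature_id INTEGER)');
$db->exec('INSERT INTO listing_features VALUES (1, 3), (1, 5), (2, 5), (3, 7)');

// Constructed request body: one valid ID and one value carrying SQL syntax.
$post = ['features' => ['5', "7' OR '1'='1"]];
$ids = sanitize_feature_ids($post['features'] ?? null);
var_dump($ids);
var_dump(find_listings_by_features($db, $ids));
```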

Added: Mar 12, 2026, 4:23 PM
Updated: Mar 12, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.