Netartmedia Event Portal Time-Based Blind SQL Injection Vulnerability
Vulnerability
A time-based blind SQL injection vulnerability has been identified in Netartmedia Event Portal version 2.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Exploitation involves sending POST requests to loginaction.php with malicious SQL payloads in the Email field, enabling attackers to extract sensitive database information.
Impact
An attacker who exploits this time-based blind SQL injection can manipulate the application's SQL queries and potentially extract sensitive information from the database.
Reproduction
To reproduce this vulnerability, send a POST request to loginaction.php with a SQL injection payload in the Email parameter. The payload should include a time-based delay; a delayed response indicates successful exploitation.
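For defenders, the pattern described above (a non-address value in the Email field of a POST to loginaction.php, followed by an unusually slow response) can be looked for in request logs. The following is an added example, not code from the advisory or from Netartmedia; the log layout, the `review` function and the `slow_factor` threshold are assumptions, and it presumes the server records POST bodies and response times.

```python
import re
from statistics import median
from urllib.parse import parse_qs

# Constructed sample records (not real traffic). Assumed layout per line:
# time, client, method, path, response seconds, form-encoded POST body.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 198.51.100.7 POST /loginaction.php 0.21 Email=alice%40example.test&Password=x
2024-01-01T10:00:05Z 198.51.100.8 POST /loginaction.php 0.19 Email=bob%40example.test&Password=x
2024-01-01T10:00:09Z 203.0.113.9 POST /loginaction.php 5.23 Email=a%40example.test%27+%5Bconstructed+SQL+fragment%5D&Password=x
2024-01-01T10:00:15Z 203.0.113.9 POST /loginaction.php 0.22 Email=a%40example.test%27+%5Bconstructed+SQL+fragment%5D&Password=x
2024-01-01T10:00:21Z 198.51.100.7 GET /index.php 0.05 -
2024-01-01T10:00:30Z 198.51.100.8 POST /loginaction.php 0.25 Email=carol%40example.test&Password=x
"""

# Deliberately strict address syntax: quotes, spaces and brackets never match.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse(line):
    """Split one record and URL-decode the Email form field."""
    ts, client, method, path, secs, body = line.split(" ", 5)
    email = parse_qs(body, keep_blank_values=True).get("Email", [""])[0]
    return {"ts": ts, "client": client, "method": method,
            "path": path, "secs": float(secs), "email": email}

def review(log_text, slow_factor=5.0):
    """Return (baseline_seconds, findings) for POSTs to loginaction.php.

    Baseline is the median response time of logins whose Email is a
    well-formed address. A malformed Email is 'medium'; a malformed Email
    whose response took >= slow_factor * baseline is 'high', since that
    latency is the signal a time-based blind injection relies on.
    """
    logins = [r for r in map(parse, filter(str.strip, log_text.splitlines()))
              if r["method"] == "POST" and r["path"].endswith("/loginaction.php")]
    clean = [r["secs"] for r in logins if EMAIL_RE.fullmatch(r["email"])]
    baseline = median(clean) if clean else 0.0
    findings = []
    for r in logins:
        if EMAIL_RE.fullmatch(r["email"]):
            continue
        slow = baseline > 0 and r["secs"] >= slow_factor * baseline
        findings.append({**r, "severity": "high" if slow else "medium"})
    return baseline, findings

if __name__ == "__main__":
    base, hits = review(SAMPLE_LOG)
    for h in hits:
        print(h["severity"], h["ts"], h["client"], f'{h["secs"]}s (baseline {base}s)')
```

Repeated "medium" findings from one client are worth reviewing even without a slow response, because each delayed request in a blind extraction is typically surrounded by fast ones.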
