Netartmedia Real Estate Portal SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Netartmedia Real Estate Portal version 5.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Exploitation involves sending POST requests to index.php with malicious payloads in the user_email field, potentially bypassing authentication, extracting sensitive data, or modifying database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data modification, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to index.php with a payload injected into the user_email parameter. The injected SQL code can be crafted to, for example, bypass authentication or extract data from the database. This vulnerability can also be exploited by sending a multipart POST request with the page parameter containing the SQL injection payload.