Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Netartmedia PHP Car Dealer: Unauthenticated Database Access
CVE-2019-25534
Summary
This vulnerability in the Netartmedia PHP Car Dealer software allows anyone to access and manipulate your database without a password. This could lead to sensitive information being stolen or altered. To protect your data, update the software to the latest version or patch.
Original title
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] paramete...
Original description
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026