Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Netartmedia Event Portal 2.0 lets attackers steal database info
CVE-2019-25537
Summary
An attacker can send a malicious email and gain access to sensitive database information, potentially compromising user data and system security. This issue affects unpatched versions of Netartmedia Event Portal 2.0. Update to the latest version to fix the problem.
Original title
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email par...
Original description
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026