Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Netartmedia PHP Business Directory 4.2: Unauthenticated Database Access
CVE-2019-25533
Summary
An attacker can access sensitive database information without a login by sending a specially crafted email to the login page. This is a serious issue because it allows unauthorized access to sensitive data. Update to the latest version of Netartmedia PHP Business Directory to fix this problem.
Original title
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter...
Original description
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026