Which versions of PHP are affected by CVE-2019-25531?

An unauthenticated SQL injection vulnerability in the Netartmedia Deals Portal login system allows attackers to manipulate database queries without a patch currently available.

Is there a public PoC exploit available for CVE-2019-25531?

Yes, a public proof-of-concept exploit is available for CVE-2019-25531. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2019-25531?

Within 24 hours: Isolate the affected Deals Portal from production if possible, enable enhanced logging on loginaction.php, and notify stakeholders of the risk. Within 7 days: Deploy WAF rules to block SQL injection patterns in the Email parameter, implement IP whitelisting for administrative access, and conduct a database audit for suspicious activities. Within 30 days: Contact vendor for patch availability timeline, evaluate alternative portals or replacement solutions, and perform penetration testing post-mitigation.

PHP CVE-2019-25531

Q: What is the CVSS score of CVE-2019-25531?

CVE-2019-25531 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

HIGH

SQL Injection (CWE-89)

2026-03-12 disclosure@vulncheck.com

PHP SQLi

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

8.2 (HIGH) 8.8 (HIGH)

PoC Detected

Mar 12, 2026 - 21:07 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 16:16 nvd

HIGH 8.2

DescriptionNVD

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.

AnalysisAI

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. [CVSS 8.2 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects the Email component of Email parameter of loginaction.php. Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.

Affected ProductsAI

Product: Email parameter of loginaction.php. Component: Email.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2019-25531 vulnerability details – vuln.today

Back

PHP CVE-2019-25531

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

PHP CVE-2019-25531

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code