exploitDog

CVE-2019-25494

Опубликовано: 27 фев. 2026

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.

Ссылки

https://www.doditsolutions.com/airbnb-clone-script/
Product
https://www.exploit-db.com/exploits/46616
Exploit
VDB Entry
https://www.vulncheck.com/advisories/homey-bnb-sql-injection-authentication-bypass-via-admin-panel
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:doditsolutions:airbnb_clone_script:4:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.0032

Низкий

8.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-22p3-cw83-672h

CVSS3: 8.2

github

27 дней назад

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.

EPSS

Процентиль: 55%

0.0032

Низкий

8.2 High

CVSS3

Дефекты

CWE-89