CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25489

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.5%

CVSS Severity

CVSS v3 Score 8.2

References

https://www.doditsolutions.com/airbnb-clone-script/
https://www.exploit-db.com/exploits/46616
https://www.vulncheck.com/advisories/homey-bnb-sql-injection-via-ajaxrefreshsubtotal

Products affected by CVE-2019-25489

Doditsolutions » Airbnb Clone Script » Version: 4

cpe:2.3:a:doditsolutions:airbnb_clone_script:4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25489

Products

Pricing

Contact Us