CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25490

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.7%

CVSS Severity

CVSS v3 Score 8.2

References

https://www.doditsolutions.com/airbnb-clone-script/
https://www.exploit-db.com/exploits/46616
https://www.vulncheck.com/advisories/homey-bnb-sql-injection-via-admin-editphp

Products affected by CVE-2019-25490

Doditsolutions » Airbnb Clone Script » Version: 4

cpe:2.3:a:doditsolutions:airbnb_clone_script:4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25490

Products

Pricing

Contact Us