← volver
CVE-2019-25492

Homey BNB V4 SQL Injection via getcmsdata.php

CVSS 8.8 HIGHEPSS 0.3%CWE-89
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Doditsolutions · Homey BNB (Airbnb Clone Script)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.doditsolutions.com/airbnb-clone-script/https://www.exploit-db.com/exploits/46616https://www.vulncheck.com/advisories/homey-bnb-sql-injection-via-getcmsdataphp