← volver
CVE-2019-25493

Homey BNB V4 SQL Injection via getrecord.php

CVSS 8.8 HIGHEPSS 0.3%CWE-89
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Doditsolutions · Homey BNB (Airbnb Clone Script)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.doditsolutions.com/airbnb-clone-script/https://www.exploit-db.com/exploits/46616https://www.vulncheck.com/advisories/homey-bnb-sql-injection-via-getrecordphp