Netartmedia PHP Mall 4
Description
Netartmedia PHP Mall 4
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
Netartmedia PHP Mall 4
Netartmedia PHP Mall 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL cod...
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code thr...
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Netartmedia Event Portal 2
Netartmedia Event Portal 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Netartmedia PHP Real Estate Agency 4
Netartmedia PHP Real Estate Agency 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting S...
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting...
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Netartmedia PHP Business Directory 4
Netartmedia PHP Business Directory 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Netartmedia Jobs Portal 6
Netartmedia Jobs Portal 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction
Apply vendor patches immediately. Review database access controls and enable query logging.
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL cod...
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Inout EasyRooms Ultimate Edition v1
Inout EasyRooms Ultimate Edition v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Inout EasyRooms Ultimate Edition v1
Inout EasyRooms Ultimate Edition v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Inout EasyRooms Ultimate Edition v1
Inout EasyRooms Ultimate Edition v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Inout EasyRooms Ultimate Edition v1
Inout EasyRooms Ultimate Edition v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL...
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated atta...
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ma...
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the k...
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the k...
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated atta...
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting...
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
FreeSMS 2
FreeSMS 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tradebox 5
Tradebox 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
PHPads 2
PHPads 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through...
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
osCommerce 2
osCommerce 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
osCommerce 2
osCommerce 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
osCommerce 2
osCommerce 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication...
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields
Apply vendor patches immediately. Review database access controls and enable query logging.
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throug...
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throug...
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throug...
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through...
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through...
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter
Apply vendor patches immediately. Review database access controls and enable query logging.
---METADATA---
VENDOR: Homey
PRODUCT: Homey BNB
AFFECTED_VERSIONS: Homey BNB V4; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Homey BNB V4 contains an unauthenticated SQL injection vulnerability in the 'hosting_id' parameter, allowing for unauthorized database query manipulation.
Executive Summary:
An unauthenticated SQL injection vulnerability in Homey BNB V4 allows attackers to gain full access to the application's database, posing a critical risk to data privacy.
Vulnerability Details
CVE-ID: CVE-2019-25489
Affected Software: Homey Homey BNB
Affected Versions: Homey BNB V4; See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an unauthenticated SQL injection flaw within the 'hosting_id' parameter of Homey BNB V4. This allows a remote attacker to bypass security controls and execute arbitrary SQL commands against the backend database without requiring any login credentials.
Business Impact
The impact of this vulnerability is severe, potentially resulting in the complete exfiltration of the database, including user information, booking details, and administrative credentials. The CVSS score of 8.2 and the unauthenticated nature of the attack elevate the urgency of this late-disclosure vulnerability.
Remediation Plan
Immediate Action: Apply the vendor-supplied patches for Homey BNB V4 immediately. If a patch is not available, consider taking the affected service offline until it can be secured.
Proactive Monitoring: Thoroughly audit database logs for evidence of past exploitation, specifically looking for unauthorized access to sensitive tables or unusual activity linked to the 'hosting_id' parameter.
Compensating Controls: Deploy a WAF with aggressive SQL injection filtering and restrict database access to the minimum required permissions.
Exploitation Status
Public Exploit Available: false
Analyst Notes: Although this is a late disclosure of a 2019 vulnerability, the risk remains high for any legacy systems still running Homey BNB V4. The unauthenticated nature of the flaw makes it a primary target for automated scanning tools.
Analyst Recommendation
This vulnerability must be remediated with the highest priority. The ability for unauthenticated attackers to manipulate the database represents a critical failure in security that can only be resolved through immediate patching or system replacement.