CVE-2019-25432

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

CVE-2019-25432 Part-DB 0.4 Authentication Bypass via login.php

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

CVE-2019-25432 Part-DB 0.4 Authentication Bypass via login.php

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

PT-2025-33100 · Part-Db · Part-Db

Name of the Vulnerable Software and Affected Versions: Part-DB versions prior to 1.17.3 Description: Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user could upload a profile picture with a misleading file extension e.g...

part-db 跨站脚本漏洞

part-db is a web-based database for managing electronic components. A security vulnerability exists in part-db versions prior to 1.0.2, which stems from not properly escaping user input and can be exploited by an attacker to inject arbitrary HTML into a page...

part-db 操作系统命令注入漏洞

part-db is a web-based database used to manage electronic components. An operating system command injection vulnerability exists in part-db that stems from the presence of system command injection in part-db...