13 matches found
CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
EUVD-2019-19715
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489
CVE-2019-25489 — Normal mode Impacting: Homey BNB V4. The vulnerability is a SQL injection in the hosting_id parameter used by the rooms/ajax_refresh_subtotal endpoint. It allows unauthenticated attackers to manipulate database queries, potentially exfiltrating sensitive data and causing a denial...
CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
PT-2026-22357
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting id parameter. Attackers can send GET requests to the rooms/ajax refresh subtotal endpoint with malicious hosting id values to extract...
CVE-2023-39711
Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
CVE-2023-39711
Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
CVE-2023-39711
Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
CVE-2023-39711
Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...