Part-Db · Part-Db · CVE-2019-25432
**Name of the Vulnerable Software and Affected Versions**
Part-DB version 0.4
**Description**
The application suffers from an authentication bypass. An unauthenticated attacker can log in by injecting SQL syntax into authentication parameters. Specifically, submitting a single quote followed by 'or' in the login form bypasses credential validation, granting unauthorized access. The vulnerable parameters are those used in the login form.
**Recommendations**
Apply input validation and sanitization to all authentication parameters to prevent SQL injection attacks.
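
One way to carry out this recommendation is to bind the login values as query parameters instead of concatenating them into the SQL text. The following is an added example, not Part-DB's code: the schema, function names, credentials and the SQLite backend are assumptions chosen so it runs offline. It shows the concatenated query beside the parameterized one.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # fixed for brevity; real systems use a random per-user salt

def digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed in-memory table; hypothetical schema, not Part-DB's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", digest("demo-password")))
    return db

def login_vulnerable(db, name, password):
    # Vulnerable pattern: input is concatenated into the SQL text, so a quote
    # in `name` closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND pw_hash = '" + digest(password) + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False

def login_hardened(db, name, password):
    # Bound parameter: the driver passes `name` as data, never as SQL syntax.
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    # The credential check happens in application code, in constant time.
    return hmac.compare_digest(row[0], digest(password))

def demo():
    db = make_db()
    probe = "' or 1=1 --"  # constructed input of the kind the advisory describes
    return {
        "vulnerable_valid": login_vulnerable(db, "admin", "demo-password"),
        "vulnerable_probe": login_vulnerable(db, probe, "anything"),
        "hardened_valid": login_hardened(db, "admin", "demo-password"),
        "hardened_wrong_pw": login_hardened(db, "admin", "wrong"),
        "hardened_probe": login_hardened(db, probe, "anything"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```

A regression test that feeds quote-bearing input to the login path and asserts rejection, as `demo()` does for `hardened_probe`, keeps the fix from being undone by later changes.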