CVE-2019-25490

Name of the Vulnerable Software and Affected Versions Homey BNB version 4

Description The software contains a SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the id parameter. Exploitation involves sending GET requests to the ''/admin/edit.php'' endpoint with time-based SQL injection payloads to extract sensitive database information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.