CVE-2019-25494

Name of the Vulnerable Software and Affected Versions Homey BNB version 4

Description Homey BNB V4 contains an SQL injection flaw in the administration panel login. Unauthenticated attackers can bypass authentication by injecting SQL syntax into the username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.