PT-2026-7883 · Kostasmitroglou · Password Management Application
Published: 2026-02-12 · Updated: 2026-03-02
CVE-2019-25347
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
thesystem App version 1.0
Description
The software contains a SQL injection flaw that enables attackers to circumvent authentication. By altering the username parameter, attackers can inject malicious SQL code, such as ' or '1=1', into the username field to obtain unauthorized access to user accounts.
Recommendations
Apply input validation and sanitization to the username parameter to prevent the injection of malicious SQL code.
Exploit
Fix
SQL injection
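The flaw in the Description beside a hardened login check in the spirit of the Recommendations, as an added example that is not code from the affected application or from this advisory. The `users` table, the username policy and the function names are hypothetical, and the hardened form also uses bound parameters, a technique the Recommendations do not name.

```python
import hashlib
import re
import sqlite3

# Hypothetical policy: the only usernames the application accepts at all.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# The tautology from the Description, as a constructed username value.
TAUTOLOGY = "' or '1=1"


def _h(password):
    # Plain SHA-256 keeps the sample short; a real store needs a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", _h("correct horse")))
    return db


def login_concatenated(db, username, password):
    """'Before' form: the username becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE pw_hash = '%s' AND username = '%s'"
           % (_h(password), username))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(db, username, password, validate=True):
    """Allow-list the username, then pass both values as bound parameters."""
    if validate and not USERNAME_RE.fullmatch(username):
        return None
    sql = "SELECT username FROM users WHERE pw_hash = ? AND username = ?"
    row = db.execute(sql, (_h(password), username)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concatenated, wrong password:", login_concatenated(db, TAUTOLOGY, "wrong"))
    print("hardened, wrong password:   ", login_hardened(db, TAUTOLOGY, "wrong"))
    print("hardened, valid login:      ", login_hardened(db, "alice", "correct horse"))
```

With `validate=False` the bound-parameter query still returns no row for the tautology string, because the driver passes it as a value and never parses it as SQL.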
Weakness Enumeration
Related Identifiers
Affected Products
Password Management Application
Thesystem