CVE-2019-25346

High CVSS: 7.1

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.

Vendor

Kostasmitroglou

Product

Password Management Application

CWE

CWE-89

Yayın Tarihi

2026-02-12 20:16:01

Güncelleme

2026-03-02 15:16:22

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 Password Management Application HIGH Kostasmitroglou 2026

Referanslar

https://github.com/kostasmitroglou/thesystem https://www.exploit-db.com/exploits/47430 https://www.vulncheck.com/advisories/thesystem-servername-sql-injection

Benzer Kayıtlar

Critical

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary syst…

High

CVE-2019-25347

thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating…

Medium

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious…