CVE-2019-25347

High CVSS: 7.1

thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.

Vendor

Kostasmitroglou

Product

Password Management Application

CWE

CWE-89

Yayın Tarihi

2026-02-12 20:16:01

Güncelleme

2026-03-02 15:16:23

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 Password Management Application HIGH Kostasmitroglou 2026

Referanslar

https://github.com/kostasmitroglou/thesystem https://www.exploit-db.com/exploits/47432 https://www.vulncheck.com/advisories/thesystem-app-username-sql-injection

Benzer Kayıtlar

Critical

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary syst…

High

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the…

Medium

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious…