Nixpkgs Security Tracker

Dismissed

Permalink CVE-2019-25432

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 month ago by @mweinelt Activity log

Created automatic suggestion 1 month ago
@mweinelt dismissed 1 month ago

Part-DB 0.4 Authentication Bypass via login.php

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to the application.

References

VulnCheck Advisory: Part-DB 0.4 Authentication Bypass via login.php third-party-advisory
ExploitDB-47547 exploit
Part-DB Legacy GitHub Repository product

Affected products

Part-DB

==0.4

Matching in nixpkgs

pkgs.part-db

Open source inventory management system for your electronic components

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0
nixos-25.11 1.14.5
- nixos-25.11-small 1.14.5
- nixpkgs-25.11-darwin 1.14.5

Package maintainers

@felbinger Nico Felbinger <nico@felbinger.eu>

Too old, fixed years ago

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.part-db

Package maintainers