Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Homey BNB V4 allows unauthorized access to database info
CVE-2019-25490
Summary
Attackers can send a special request to Homey BNB V4 and gain access to sensitive information in the database by manipulating how the system queries it. This could lead to unauthorized access to user or system data. Update Homey BNB V4 to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| doditsolutions | airbnb_clone_script | 4 | – |
Original title
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET req...
Original description
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026