Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Part-DB 0.4 allows unauthorized login with malicious input
CVE-2019-25432
Summary
An attacker can submit a specific character to the login form to gain unauthorized access to Part-DB 0.4. This is a serious issue because it allows anyone to access the application without a legitimate user account. To protect your data, update to a secure version of Part-DB.
Original title
Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quot...
Original description
Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to the application.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026