Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Homey BNB V4 Login Can Be Hijacked with Malicious Input
CVE-2019-25494
Summary
Attackers can bypass Homey BNB V4's login security by entering malicious text into the username and password fields, potentially gaining access to the admin panel. This could allow them to make changes to the website or steal sensitive information. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| doditsolutions | airbnb_clone_script | 4 | – |
Original title
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and passw...
Original description
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 27 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026