CVE-2019-25346

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-25346
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/kostasmitroglou/thesystem Product
https://www.exploit-db.com/exploits/47430 Exploit VDB Entry
https://www.vulncheck.com/advisories/thesystem-servername-sql-injection Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:kostasmitroglou:password_management_application:1.0:*:*:*:*:*:*:*
History

02 Mar 2026, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1 		v2 : unknown
v3 : 7.5

27 Feb 2026, 16:08

Type Values Removed Values Added
CPE cpe:2.3:a:kostasmitroglou:password_management_application:1.0:*:*:*:*:*:*:*
Summary
  • (es) TheSystem 1.0 contiene una vulnerabilidad de inyección SQL que permite a los atacantes eludir la autenticación manipulando el parámetro 'server_name'. Los atacantes pueden inyectar código SQL malicioso como ' o '1=1 para recuperar registros de base de datos no autorizados y potencialmente acceder a información sensible del sistema.
First Time Kostasmitroglou
Kostasmitroglou password Management Application
References () https://github.com/kostasmitroglou/thesystem - () https://github.com/kostasmitroglou/thesystem - Product
References () https://www.exploit-db.com/exploits/47430 - () https://www.exploit-db.com/exploits/47430 - Exploit, VDB Entry
References () https://www.vulncheck.com/advisories/thesystem-servername-sql-injection - () https://www.vulncheck.com/advisories/thesystem-servername-sql-injection - Broken Link

12 Feb 2026, 20:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-12 20:16

Updated : 2026-03-02 15:16

NVD link : CVE-2019-25346

Mitre link : CVE-2019-25346

CVE.ORG link : CVE-2019-25346

JSON object : View

Products Affected

kostasmitroglou

  • password_management_application
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')