CVE-2019-25347

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-25347
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/kostasmitroglou/thesystem Product
https://www.exploit-db.com/exploits/47432 Exploit VDB Entry
https://www.vulncheck.com/advisories/thesystem-app-username-sql-injection Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:kostasmitroglou:password_management_application:1.0:*:*:*:*:*:*:*
History

02 Mar 2026, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1 		v2 : unknown
v3 : 7.5

27 Feb 2026, 15:53

Type Values Removed Values Added
References () https://github.com/kostasmitroglou/thesystem - () https://github.com/kostasmitroglou/thesystem - Product
References () https://www.exploit-db.com/exploits/47432 - () https://www.exploit-db.com/exploits/47432 - Exploit, VDB Entry
References () https://www.vulncheck.com/advisories/thesystem-app-username-sql-injection - () https://www.vulncheck.com/advisories/thesystem-app-username-sql-injection - Third Party Advisory
Summary
  • (es) thesystem App 1.0 contiene una vulnerabilidad de inyección SQL que permite a los atacantes eludir la autenticación manipulando el parámetro de nombre de usuario. Los atacantes pueden inyectar código SQL malicioso como ' o '1=1 en el campo de nombre de usuario para obtener acceso no autorizado a las cuentas de usuario.
CPE cpe:2.3:a:kostasmitroglou:password_management_application:1.0:*:*:*:*:*:*:*
First Time Kostasmitroglou
Kostasmitroglou password Management Application

12 Feb 2026, 20:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-12 20:16

Updated : 2026-03-02 15:16

NVD link : CVE-2019-25347

Mitre link : CVE-2019-25347

CVE.ORG link : CVE-2019-25347

JSON object : View

Products Affected

kostasmitroglou

  • password_management_application
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')