πŸ” CVE Alert

CVE-2019-25489

HIGH 8.2

Homey BNB V4 SQL Injection via ajax_refresh_subtotal

CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service.

CWE CWE-89
Vendor doditsolutions
Product homey bnb (airbnb clone script)
Published Feb 27, 2026
Last Updated Apr 7, 2026
Stay Ahead of the Next One

Get instant alerts for doditsolutions homey bnb (airbnb clone script)

Be the first to know when new high vulnerabilities affecting doditsolutions homey bnb (airbnb clone script) are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Affected Versions

Doditsolutions / Homey BNB (Airbnb Clone Script)
V4

References

NVD β†— CVE.org β†— EPSS Data β†—
exploit-db.com: https://www.exploit-db.com/exploits/46616 doditsolutions.com: https://www.doditsolutions.com/airbnb-clone-script/ vulncheck.com: https://www.vulncheck.com/advisories/homey-bnb-sql-injection-via-ajaxrefreshsubtotal

Credits

Ahmet Ümit BAYRAM