Part-DB Authentication Bypass Vulnerability in Login.php

Vulnerability

An authentication bypass vulnerability has been identified in Part-DB version 0.4. This vulnerability allows unauthenticated attackers to log in by injecting SQL syntax into the authentication parameters. By submitting a single quote followed by 'or' in the login form, attackers can bypass credential validation and gain unauthorized access to the application.

Impact

Exploitation of this vulnerability allows for unauthorized access to the application, bypassing the authentication mechanism.

Reproduction

To reproduce this vulnerability, send a POST request to the 'login.php' endpoint. Include a payload that injects SQL syntax, specifically a single quote followed by 'or', into the authentication parameters. This injection will bypass the normal credential validation process, allowing access to the application without proper authentication.

Remediation

Users are advised to update to Part-DB version 1.0.0 or later, as this vulnerability has been addressed in the newer version.
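The advisory does not show the affected code or the change made in 1.0.0. As an added example (not Part-DB source code), the sketch below shows the flaw class described above next to the standard fix: a login check that pastes request values into the SQL text accepts a quote-plus-'or' input, while a parameterized lookup with a password hash check rejects the same input. The in-memory SQLite table, its column names, the function names and the sample credentials are all assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration. The users table, its columns and both function names
// are hypothetical; nothing here is taken from Part-DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Flawed pattern: request values become part of the SQL text, so a quote in
// the input closes the string literal and the remainder is parsed as SQL.
function loginConcatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$user' AND pw_hash = '$pass'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the user name is bound as data and can never change the
// query structure; the password is checked against the stored hash in PHP.
function loginPrepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed input of the shape the advisory describes (quote, then 'or').
$probe = "' or '1'='1";

$results = [
    'concatenated query, crafted input' => loginConcatenated($db, $probe, $probe),
    'prepared query, crafted input'     => loginPrepared($db, $probe, $probe),
    'prepared query, valid credentials' => loginPrepared($db, 'admin', 'constructed-sample-password'),
];
foreach ($results as $case => $accepted) {
    printf('%s: %s' . PHP_EOL, $case, $accepted ? 'accepted' : 'rejected');
}
```

When reviewing a deployment that cannot be upgraded immediately, the same pattern is what to look for in code: request parameters interpolated into a SQL string rather than bound through a prepared statement.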

Added: Feb 20, 2026, 11:38 PM
Updated: Feb 20, 2026, 11:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 5.0
exploitability: 9.5
remediation: 0.0
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.