Part Db Server
by Part DB
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25432 | | Hig | 0.49 | 7.5 | 0.00 | | Feb 20, 2026 | Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain… |
| CVE-2025-5007 | | Low | 0.16 | 3.5 | 0.00 | | May 20, 2025 | A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the… |
| CVE-2022-0848 | | Cri | 0.06 | 9.8 | 0.35 | | Mar 4, 2022 | OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. |
| CVE-2025-55194 | | | 0.00 | — | 0.00 | | Aug 13, 2025 | Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to… |
| CVE-2023-26042 | | Med | 0.00 | 6.1 | 0.01 | | Feb 27, 2023 | Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is… |