Unauthenticated SQL Injection Vulnerability in Billing Software by Kashipara
CVE-2023-49641

9.8CRITICAL

Key Information:

Vendor

Kashipara

Status
Billing Software
Vendor
CVE Published:
13 May 2025

What is CVE-2023-49641?

The Billing Software version 1.0 developed by Kashipara is exposed to multiple unauthenticated SQL injection vulnerabilities. Specifically, the 'username' parameter in the loginCheck.php entry point fails to properly validate and sanitize input data before it is sent to the database. This oversight enables attackers to manipulate database queries, potentially leading to unauthorized access and data breaches. It's crucial for users of this software to apply security measures and patches to mitigate the risks associated with this vulnerability.

References

https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2023-49641 : Unauthenticated SQL Injection Vulnerability in Billing Software by Kashipara