SQL Injection Vulnerability in Itsourcecode Billing System by Itsourcde
CVE-2024-37849

9.8CRITICAL

Key Information:

Vendor
Itsourcecode
Status
Billing System
Vendor
CVE Published:
13 June 2024

Summary

The vulnerability pertains to a SQL Injection flaw within Itsourcecode Billing System 1.0, which permits a local attacker to manipulate the application through the 'username' parameter in the process.php file. Exploiting this vulnerability can lead to the execution of arbitrary code, posing significant security risks for the overall integrity of the affected system. Users of this application should be aware of potential exploits and take necessary actions to mitigate these risks.

References

https://github.com/ganzhi-qcy/cve/issues/3

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-37849 : SQL Injection Vulnerability in Itsourcecode Billing System by Itsourcde | SecurityVulnerability.io