SQL Injection Vulnerability in Itsourcecode Billing System by Itsourcde
CVE-2024-37849

9.8CRITICAL

Key Information:

Vendor: Itsourcecode
Status: Billing System
Vendor: CVE Published:; 13 June 2024

🔔 Create Itsourcecode Vulnerability Alert

What is CVE-2024-37849?

The vulnerability pertains to a SQL Injection flaw within Itsourcecode Billing System 1.0, which permits a local attacker to manipulate the application through the 'username' parameter in the process.php file. Exploiting this vulnerability can lead to the execution of arbitrary code, posing significant security risks for the overall integrity of the affected system. Users of this application should be aware of potential exploits and take necessary actions to mitigate these risks.

References

https://github.com/ganzhi-qcy/cve/issues/3

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Jun 10, 2024