SQL Injection Vulnerability in itsourcecode Vehicle Management System
CVE-2024-7794

9.8CRITICAL

Key Information:

Vendor
Itsourcecode
Status
Vehicle Management System
Vendor
CVE Published:
14 August 2024

Summary

A newly identified SQL injection vulnerability exists in the itsourcecode Vehicle Management System version 1.0, specifically within the file mybill.php. This critical security flaw arises from inadequate validation of the 'id' parameter, allowing malicious actors to execute unauthorized SQL statements. The vulnerability can be exploited remotely, posing a significant risk to data integrity and user privacy. With this exploit disclosed publicly, immediate attention is required to mitigate potential attacks and safeguard sensitive information.

References

https://vuldb.com/?id.274562
https://vuldb.com/?ctiid.274562
https://vuldb.com/?submit.389900

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7794 : SQL Injection Vulnerability in itsourcecode Vehicle Management System | SecurityVulnerability.io