SQL Injection Vulnerability in itsourcecode Vehicle Management System
CVE-2024-7794

9.8CRITICAL

Key Information:

Vendor: Itsourcecode
Status: Vehicle Management System
Vendor: CVE Published:; 14 August 2024

🔔 Create Itsourcecode Vulnerability Alert

What is CVE-2024-7794?

A newly identified SQL injection vulnerability exists in the itsourcecode Vehicle Management System version 1.0, specifically within the file mybill.php. This critical security flaw arises from inadequate validation of the 'id' parameter, allowing malicious actors to execute unauthorized SQL statements. The vulnerability can be exploited remotely, posing a significant risk to data integrity and user privacy. With this exploit disclosed publicly, immediate attention is required to mitigate potential attacks and safeguard sensitive information.

References

https://vuldb.com/?id.274562

https://vuldb.com/?ctiid.274562

https://vuldb.com/?submit.389900

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2024