SQL Injection Vulnerability in Itsourcecode Billing System
CVE-2024-7839

9.8CRITICAL

Key Information:

Vendor
Itsourcecode
Status
Billing System
Vendor
CVE Published:
15 August 2024

Summary

A critical SQL injection vulnerability has been identified in Itsourcecode's Billing System version 1.0, specifically impacting the addbill.php file. This weakness occurs due to improper validation of user input in the owners_id parameter, allowing malicious users to manipulate SQL queries executed by the application. The exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, data exfiltration, or further compromise of the underlying system. As this vulnerability is publicly disclosed, immediate action is essential for organizations using this software to implement preventive measures and safeguard their data.

References

https://vuldb.com/?id.274743
https://vuldb.com/?ctiid.274743
https://vuldb.com/?submit.391531

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7839 : SQL Injection Vulnerability in Itsourcecode Billing System | SecurityVulnerability.io