SQL Injection Vulnerability in Itsourcecode Billing System
CVE-2024-7839

9.8CRITICAL

Key Information:

Vendor: Itsourcecode
Status: Billing System
Vendor: CVE Published:; 15 August 2024

🔔 Create Itsourcecode Vulnerability Alert

What is CVE-2024-7839?

A critical SQL injection vulnerability has been identified in Itsourcecode's Billing System version 1.0, specifically impacting the addbill.php file. This weakness occurs due to improper validation of user input in the owners_id parameter, allowing malicious users to manipulate SQL queries executed by the application. The exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, data exfiltration, or further compromise of the underlying system. As this vulnerability is publicly disclosed, immediate action is essential for organizations using this software to implement preventive measures and safeguard their data.

References

https://vuldb.com/?id.274743

https://vuldb.com/?ctiid.274743

https://vuldb.com/?submit.391531

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2024