SQL Injection Vulnerability in itsourcecode Billing System
CVE-2024-7913

9.8CRITICAL

Key Information:

Vendor
Billingsyscode
Status
Billing System
Vendor
CVE Published:
18 August 2024

Summary

The itsourcecode Billing System 1.0 is affected by a critical SQL injection vulnerability due to inadequate validation of user input in the /addclient1.php file. This vulnerability allows attackers to manipulate the lname, fname, mi, address, contact, and meterReader parameters, enabling unauthorized access to the database. The exploit can be initiated remotely, making it a significant threat to organizations using this software. With the vulnerability publicly disclosed, immediate action is required to protect sensitive client data from potential exploitation.

References

https://vuldb.com/?id.275039
https://vuldb.com/?ctiid.275039
https://vuldb.com/?submit.391841

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database
.