SQL Injection Vulnerability in itsourcecode Billing System
CVE-2024-7913

9.8CRITICAL

Key Information:

Vendor: Billingsyscode
Status: Billing System
Vendor: CVE Published:; 18 August 2024

🔔 Create Billingsyscode Vulnerability Alert

What is CVE-2024-7913?

The itsourcecode Billing System 1.0 is affected by a critical SQL injection vulnerability due to inadequate validation of user input in the /addclient1.php file. This vulnerability allows attackers to manipulate the lname, fname, mi, address, contact, and meterReader parameters, enabling unauthorized access to the database. The exploit can be initiated remotely, making it a significant threat to organizations using this software. With the vulnerability publicly disclosed, immediate action is required to protect sensitive client data from potential exploitation.

References

https://vuldb.com/?id.275039

https://vuldb.com/?ctiid.275039

https://vuldb.com/?submit.391841

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2024