SQL Injection Vulnerability in Itsourcode Project Expense Monitoring System Backend Login
CVE-2024-7933

9.8CRITICAL

Key Information:

Vendor: itsourcecode
Status: Project Expense Monitoring System
Vendor: CVE Published:; 19 August 2024

🔔 Create itsourcecode Vulnerability Alert

What is CVE-2024-7933?

The Itsourcode Project Expense Monitoring System 1.0 is impacted by a significant SQL injection vulnerability in the backend login component. Specifically, the issue resides in the file 'login1.php', where improper handling of the 'user' parameter allows remote attackers to execute unauthorized SQL commands. This can lead to unauthorized access to sensitive database information. The exploit has been publicly disclosed, enabling malicious actors to potentially compromise the integrity and confidentiality of the system's data.

References

https://vuldb.com/?id.275118

https://vuldb.com/?ctiid.275118

https://vuldb.com/?submit.392945

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2024

JSON