SQL Injection Vulnerability in itsourcecode Payroll Management System
CVE-2024-8567
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 8 September 2024
Badges
What is CVE-2024-8567?
A serious SQL injection vulnerability has been identified in version 1.0 of the itsourcecode Payroll Management System. This flaw is located within the processing of requests to the endpoint /ajax.php?action=delete_deductions, specifically the manipulation of the 'id' argument. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized access to sensitive data stored in the application’s database. The exploit has already been publicly disclosed, increasing the urgency for users to apply necessary security measures and updates to protect their systems from potential threats.
Affected Version(s)
Payroll Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.