Wudongg

#9380of 53,633
29.4Total CVSS
Vulnerabilities · 3
Critical
3
PT-2024-38680
9.8
2024-08-18
Unknown · Itsourcecode Billing System · CVE-2024-7913
**Name of the Vulnerable Software and Affected Versions** itsourcecode Billing System version 1.0 **Description** A critical issue affects the processing of the file /addclient1.php, where the manipulation of the arguments `lname`, `fname`, `mi`, `address`, `contact`, `meterReader` leads to SQL injection. The attack can be initiated remotely. A public exploit has been disclosed. **Recommendations** For itsourcecode Billing System version 1.0, as a temporary workaround, consider restricting access to the /addclient1.php file until a patch is available. Avoid using the arguments `lname`, `fname`, `mi`, `address`, `contact`, `meterReader` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-38617
9.8
2024-08-15
Unknown · Sourcecodester Online Food Ordering System · CVE-2024-7838
**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Food Ordering System version 1.0 **Description** A critical issue affects some unknown functionality of the file /addcategory.php. The manipulation of the `cname` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For itsourcecode Online Food Ordering System version 1.0, consider restricting access to the /addcategory.php file until a patch is available. As a temporary workaround, avoid using the `cname` argument in the affected file to minimize the risk of exploitation.
PT-2024-38618
9.8
2024-08-15
Unknown · Itsourcecode Billing System · CVE-2024-7839
**Name of the Vulnerable Software and Affected Versions** itsourcecode Billing System version 1.0 **Description** A critical vulnerability has been found in the itsourcecode Billing System. This issue affects an unknown part of the file `addbill.php`. The manipulation of the argument `owners id` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For itsourcecode Billing System version 1.0, consider restricting access to the `addbill.php` file until a patch is available. As a temporary workaround, avoid using the `owners id` argument in the affected file to minimize the risk of exploitation.