CVE-2021-44098

Name of the Vulnerable Software and Affected Versions EGavilan Media Expense-Management-System version 1.0

Description The issue allows a remote attacker to compromise the application's SQL database via SQL Injection. This is possible through the "/expense action.php" API endpoint.

Recommendations For EGavilan Media Expense-Management-System version 1.0, consider restricting access to the "/expense action.php" endpoint until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.