CVE-2023-49622

Name of the Vulnerable Software and Affected Versions Billing Software version 1.0

Description The issue affects the material bill.php?action=itemRelation resource, where the itemnameid parameter does not validate the characters received, sending them unfiltered to the database. This leads to multiple Unauthenticated SQL Injection vulnerabilities.

Recommendations For Billing Software version 1.0, as a temporary workaround, consider restricting access to the material bill.php?action=itemRelation resource until a patch is available. Avoid using the itemnameid parameter in this resource until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.