CVE-2024-0492

Name of the Vulnerable Software and Affected Versions Kashipara Billing Software version 1.0

Description A critical issue was found in the HTTP POST Request Handler component, specifically in the file buyer detail submit.php. The manipulation of the gstn no argument leads to sql injection. This issue can be exploited remotely.

Recommendations For Kashipara Billing Software version 1.0, consider restricting access to the buyer detail submit.php file until a patch is available. As a temporary workaround, avoid using the gstn no argument in the affected HTTP POST request handler to minimize the risk of exploitation.