PT-2024-16738 · Unknown · Itsourcecode Tailoring Management System
Dimengshi · Published 2024-11-11 · Updated 2024-11-15
CVE-2024-11074
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
itsourcecode Tailoring Management System version 1.0
Description
A critical vulnerability was found in the itsourcecode Tailoring Management System, affecting the file /incadd.php. The manipulation of the arguments inccat, desc, date, and amount leads to SQL injection. The attack can be initiated remotely.
Recommendations
As a temporary workaround, consider restricting access to the vulnerable file /incadd.php until a patch is available.
Avoid using the parameters inccat, desc, date, and amount in the affected API endpoint until the issue is resolved.
Update to the latest release to mitigate risks.
Review input validation on all parameters to prevent similar issues.
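The input-validation review recommended above, sketched as an added example that is not the project's own code: the four parameters named in the description are validated and then passed to a prepared statement as bound values. The table name `income`, its column names, the validation limits and the in-memory SQLite database are assumptions made for illustration; the advisory does not describe the application's schema.

```php
<?php
declare(strict_types=1);

// Validate the four parameters named in the advisory; throws on bad input.
function validateIncome(array $in): array
{
    $inccat = filter_var($in['inccat'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    $desc   = trim((string)($in['desc'] ?? ''));
    $date   = (string)($in['date'] ?? '');
    $amount = (string)($in['amount'] ?? '');
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
    if ($inccat === false) {
        throw new InvalidArgumentException('inccat must be a positive integer');
    }
    if ($desc === '' || strlen($desc) > 255) {
        throw new InvalidArgumentException('desc must be 1-255 bytes');
    }
    // Round-trip check rejects overflow dates such as 2024-02-30.
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        throw new InvalidArgumentException('date must be YYYY-MM-DD');
    }
    if (preg_match('/\A\d{1,9}(\.\d{1,2})?\z/', $amount) !== 1) {
        throw new InvalidArgumentException('amount must be a decimal number');
    }
    return ['inccat' => $inccat, 'descr' => $desc, 'd' => $date, 'amount' => $amount];
}

// Values travel as bound parameters, never as part of the SQL text.
function addIncome(PDO $pdo, array $in): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO income (inccat, description, inc_date, amount)
         VALUES (:inccat, :descr, :d, :amount)');
    $stmt->execute(validateIncome($in));
}

// Constructed demo: SQLite in memory stands in for the real database (hypothetical schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE income (inccat INTEGER, description TEXT, inc_date TEXT, amount TEXT)');
addIncome($pdo, ['inccat' => '2', 'desc' => "Hemming for O'Neil",
                 'date' => '2024-11-11', 'amount' => '150.00']);
try {
    addIncome($pdo, ['inccat' => '2', 'desc' => 'x', 'date' => '2024-11-11', 'amount' => '12abc']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo $pdo->query('SELECT COUNT(*) FROM income')->fetchColumn(), " row stored\n";
```

The description containing an apostrophe is stored as plain data because it never becomes part of the statement text, while the malformed amount is refused before any query runs.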
Special Elements Injection
SQL injection
Affected Products
Itsourcecode Tailoring Management System