CVE-2024-22628

Name of the Vulnerable Software and Affected Versions Budget and Expense Tracker System version 1.0

Description The issue is related to SQL Injection. It can be exploited via the "/expense budget/admin/?page=reports/budget&date start=2023-12-28&date end=" endpoint. The date start and date end variables are involved in the vulnerability.

Recommendations For Budget and Expense Tracker System version 1.0, consider disabling access to the "/expense budget/admin/?page=reports/budget" endpoint until a patch is available. Restrict the use of the date start and date end variables in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.