CVE-2024-37849

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Billing System version 1.0

Description A SQL Injection issue allows a local attacker to execute arbitrary code in process.php via the username parameter.

Recommendations For itsourcecode Billing System version 1.0, consider restricting access to the process.php file until a patch is available. As a temporary workaround, avoid using the username parameter in the affected process.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-94

Related Identifiers

CVE-2024-37849

Affected Products

Itsourcecode Billing System

CVE-2024-37849

Weakness Enumeration

Related Identifiers

Affected Products

References · 5