CVE-2024-7680

Name of the Vulnerable Software and Affected Versions Itsourcode Tailoring Management System version 1.0

Description A critical issue has been identified, allowing for SQL injection through the manipulation of the id, inccat, desc, date, and amount arguments in the file /incedit.php. This can be exploited remotely. The issue affects an unknown part of the file.

Recommendations For Itsourcode Tailoring Management System version 1.0, consider validating input on the backend to prevent unauthorized access as a temporary mitigation measure. Avoid using the vulnerable arguments id, inccat, desc, date, and amount in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.