PT-2024-38586 · Unknown · Itsourcecode Vehicle Management System
Roobes
·
Published
2024-08-14
·
Updated
2025-12-19
·
CVE-2024-7794
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
itsourcecode Vehicle Management System version 1.0
Description
A critical issue has been found in the itsourcecode Vehicle Management System, affecting some unknown functionality of the file mybill.php. The manipulation of the
id argument leads to SQL injection. This issue can be exploited remotely.Recommendations
For itsourcecode Vehicle Management System version 1.0, consider disabling the
id argument in the mybill.php file as a temporary workaround to minimize the risk of SQL injection exploitation. Restrict access to the mybill.php file to minimize the risk of remote attacks. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Itsourcecode Vehicle Management System