PT-2024-5174 · Unknown · Tailoring Management System

Zhenyu Xiao

·

Published

2024-07-14

·

Updated

2024-08-21

·

CVE-2024-6735

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0
Description: A high-severity (CVSS 8.8) SQL injection vulnerability has been identified in the Tailoring Management System, in the file setgeneral.php. The values of the sitename, email, mobile, sms, and currency parameters reach an SQL query without any protection against manipulation of the query structure. A remote attacker who can reach setgeneral.php (the CVSS vector indicates a low-privileged account, PR:L, and no user interaction) can send specially crafted requests to execute arbitrary SQL statements and, through them, read, modify, or delete data in the application's database or cause a denial of service.
Recommendations: For Tailoring Management System version 1.0, as a temporary workaround, restrict access to setgeneral.php (for example, to trusted administrator addresses at the web server) and do not accept requests carrying the sitename, email, mobile, sms, and currency parameters from untrusted users until a patch is available. The proper fix is to pass these values to the database only as bound parameters of a prepared statement instead of concatenating them into the query text. At the moment, there is no information about a newer version that contains a fix for this issue.
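The following is an added example, not code from Tailoring Management System or from this advisory's author. It models the weakness class described above in Python with an in-memory SQLite database standing in for the application's MySQL backend; the table names (settings, users), column layout and the payload are constructed for the demonstration. The vulnerable update splices the five request parameters into the UPDATE text, so a value supplied as sitename can pull data from another table into the site-wide setting; the hardened update binds the same values as parameters, so the payload is stored as a literal string.

```python
"""Model of the setgeneral.php SQL injection described in the advisory.

Constructed example: an in-memory SQLite database stands in for the
application's MySQL backend, and the schema (settings, users) is an
assumption, not the project's real table layout.
"""
import sqlite3

# The five request parameters named in the advisory.
FIELDS = ("sitename", "email", "mobile", "sms", "currency")


def make_db() -> sqlite3.Connection:
    """Create the constructed schema: a one-row settings table plus a
    users table holding a secret the settings form should never reveal."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE settings (id INTEGER PRIMARY KEY, sitename TEXT,
            email TEXT, mobile TEXT, sms TEXT, currency TEXT);
        INSERT INTO settings VALUES (1, 'Tailor Shop', 'shop@example.com',
            '000', 'off', 'USD');
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
            password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'secret-hash-value');
        """
    )
    return conn


def vulnerable_update(conn: sqlite3.Connection, form: dict) -> None:
    """Vulnerable pattern: request values are spliced into the UPDATE
    text, so a quote in any of the five fields rewrites the query."""
    assignments = ", ".join(f"{f}='{form[f]}'" for f in FIELDS)
    conn.execute(f"UPDATE settings SET {assignments} WHERE id=1")
    conn.commit()


def safe_update(conn: sqlite3.Connection, form: dict) -> None:
    """Hardened form: column names come from the fixed FIELDS tuple and
    every value travels as a bound parameter of a prepared statement."""
    assignments = ", ".join(f"{f}=?" for f in FIELDS)
    conn.execute(f"UPDATE settings SET {assignments} WHERE id=1",
                 [form[f] for f in FIELDS])
    conn.commit()


def read_settings(conn: sqlite3.Connection) -> dict:
    """Return the settings row as a dict keyed by field name."""
    query = "SELECT " + ", ".join(FIELDS) + " FROM settings WHERE id=1"
    return dict(zip(FIELDS, conn.execute(query).fetchone()))


# Constructed payload: closes the sitename literal and concatenates a
# subquery result (SQLite's || operator; MySQL would use CONCAT()), so
# the "site name" displayed on every page becomes the admin's password
# hash. Only sitename is malicious; the other four fields are benign.
PAYLOAD = "x' || (SELECT password FROM users WHERE username='admin') || '"


def demo(update_fn) -> dict:
    """Apply one of the two update functions to a fresh database with
    the constructed payload and return the resulting settings row."""
    conn = make_db()
    form = {"sitename": PAYLOAD, "email": "shop@example.com",
            "mobile": "000", "sms": "off", "currency": "USD"}
    update_fn(conn, form)
    return read_settings(conn)


if __name__ == "__main__":
    print("vulnerable:", demo(vulnerable_update)["sitename"])
    print("hardened:  ", demo(safe_update)["sitename"])
```

Running the block shows the vulnerable path storing `xsecret-hash-value` as the site name, while the hardened path stores the payload text verbatim and leaves the users table untouched. The same payload, sent as any of the other four parameters, behaves identically, which is why the workaround above has to cover all five and why the real fix is binding, not blocklisting.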

Weakness Enumeration

SQL injection

Related Identifiers

BDU:2024-05730
CVE-2024-6735

Affected Products

Tailoring Management System