PT-2025-15689 · Unknown · Roommate-Bill-Tracking

Published: 2025-04-09 · Updated: 2025-04-09 · CVE-2017-20197

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: propanetank Roommate-Bill-Tracking versions up to 288437f658fc9ee7d4b92a9da12557024d8bc55c
Description: A critical issue has been found in the code of the /includes/login.php file. The manipulation of the Username argument leads to SQL injection. This issue can be exploited remotely.
Recommendations: For versions up to 288437f658fc9ee7d4b92a9da12557024d8bc55c, apply the patch b32bb1b940f82d38fb9310cd66ebe349e20a1d0a to fix this issue. As a temporary workaround, consider restricting access to the /includes/login.php file until the patch is applied. Avoid using the Username argument in the affected login functionality until the issue is resolved.

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2017-20197

Affected Products: Roommate-Bill-Tracking