ГлавнаяУязвимости → CVE-2024-37849
9.8критическая

CVE-2024-37849

Описание

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.

Затрагиваемое ПО
Itsourcecode Billing system
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/ganzhi-qcy/cve/issues/3https://github.com/ganzhi-qcy/cve/issues/3