cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9088,https://securityvulnerability.io/vulnerability/CVE-2024-9088,Buffer Overflow Vulnerability in SourceCodester Telecom Billing Management System,"A critical buffer overflow vulnerability exists within the login function of the SourceCodester Telecom Billing Management System version 1.0. This vulnerability is triggered due to improper handling of the 'uname' argument, which can lead to arbitrary code execution. If exploited, an attacker could gain unauthorized access to the system by executing malicious code. This flaw presents a significant risk, as the exploit has already been disclosed publicly, allowing malicious actors to potentially leverage it in attacks. It is imperative for users of the affected software to apply patches or implement measures that mitigate the risk posed by this vulnerability.",Sourcecodester,Telecom Billing Management System,9.8,CRITICAL,0.003530000103637576,false,,false,false,true,2024-09-22T21:00:09.000Z,true,false,false,,2024-09-22T22:00:09.006Z,0
CVE-2024-8340,https://securityvulnerability.io/vulnerability/CVE-2024-8340,SQL Injection Vulnerability in SourceCodester Electric Billing Management System,"A serious security vulnerability has been identified in the SourceCodester Electric Billing Management System version 1.0, where improper validation of user input in the login process allows attackers to exploit an SQL injection flaw in the /Actions.php file. By manipulating the 'username' parameter, remote attackers can execute malicious SQL commands against the database, potentially compromising confidential user data. Due to the public disclosure of this vulnerability, organizations utilizing this software are strongly urged to apply necessary security patches and implement robust input validation measures to safeguard their systems.",Sourcecodester,Electric Billing Management System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,true,2024-08-30T14:15:00.000Z,true,false,false,,2024-08-30T15:15:00.000Z,0
CVE-2024-8339,https://securityvulnerability.io/vulnerability/CVE-2024-8339,Vulnerability in Electric Billing Management System Could Lead to SQL Injection,"A SQL injection vulnerability exists in the SourceCodester Electric Billing Management System 1.0, specifically within the Connection Code Handler functionality found at /?page=tracks. This vulnerability allows for manipulation of the 'code' argument, potentially enabling remote attackers to execute arbitrary SQL commands. Successful exploitation may lead to unauthorized access to sensitive data stored in the underlying database. The public disclosure of this exploit underscores the urgent need for affected users to apply appropriate mitigations to protect their systems.",SourceCodester,Electric Billing Management System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-08-30T15:15:00.000Z,0
CVE-2024-7308,https://securityvulnerability.io/vulnerability/CVE-2024-7308,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A severe SQL Injection vulnerability exists in the SourceCodester Establishment Billing Management System 1.0, specifically within the /view_bill.php file. This vulnerability allows an attacker to manipulate the 'id' parameter, leading to potential unauthorized access to sensitive database information. The exploit can be executed remotely, making it particularly dangerous as it requires minimal interaction from the attacker. It is crucial for users of the affected product to implement immediate security measures to protect against possible exploitation. For more details, refer to the following resources: [VDB-273200](https://vuldb.com/?id.273200), which provides a technical description, or [third-party advisory](https://vuldb.com/?submit.382329) on the matter.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T08:00:06.000Z,true,false,false,,2024-07-31T09:00:06.811Z,0
CVE-2024-7307,https://securityvulnerability.io/vulnerability/CVE-2024-7307,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical SQL injection vulnerability exists within the SourceCodester Establishment Billing Management System version 1.0, found specifically in the /manage_billing.php file. The flaw lies in the improper handling of the 'id' parameter, allowing attackers to manipulate SQL queries and execute arbitrary SQL code remotely. This exploitation may lead to unauthorized data access, data corruption, or loss. With the vulnerability being publicly disclosed, immediate attention is required to mitigate the risks associated with potential data breaches and to protect sensitive information handled by the affected billing management system.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T07:31:04.000Z,true,false,false,,2024-07-31T08:31:04.295Z,0
CVE-2024-7306,https://securityvulnerability.io/vulnerability/CVE-2024-7306,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0. This vulnerability arises from improper handling of the 'id' argument in the /manage_block.php file, allowing attackers to execute arbitrary SQL commands via remote requests. Given its nature, the exploit is highly concerning, as it may lead to unauthorized access to sensitive data and further exploitation of backend databases. Security professionals and users of the affected product must take immediate action to mitigate potential risks.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T07:00:07.000Z,true,false,false,,2024-07-31T08:00:07.508Z,0
CVE-2024-7290,https://securityvulnerability.io/vulnerability/CVE-2024-7290,Billing Management System Vulnerable to SQL Injection Attacks,"A significant SQL injection vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0, specifically in the manage_tenant.php file. This vulnerability allows attackers to manipulate the 'id' parameter, potentially enabling unauthorized access to the system's database. The exploit can be executed remotely, presenting a serious security risk. Given that this vulnerability has been publicly disclosed, immediate actions are recommended to address and mitigate potential exploitation.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T05:00:07.000Z,true,false,false,,2024-07-31T06:00:07.320Z,0
CVE-2024-7289,https://securityvulnerability.io/vulnerability/CVE-2024-7289,SQL Injection Vulnerability Affects SourceCodester System,"A vulnerability exists within the SourceCodester Establishment Billing Management System version 1.0, specifically in the /manage_payment.php file, where the 'id' argument can be manipulated. This leads to an SQL injection flaw, allowing attackers to execute malicious SQL queries. Since this issue can be exploited remotely, it poses a significant risk to user data and system integrity. The exploit has been disclosed publicly, heightening the urgency for organizations using the affected system to implement security measures as soon as possible.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T04:31:04.000Z,true,false,false,,2024-07-31T05:31:04.491Z,0
CVE-2024-7288,https://securityvulnerability.io/vulnerability/CVE-2024-7288,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0. The issue arises from an insecure implementation in the /ajax.php?action=delete_block functionality, where the manipulation of the 'id' parameter allows unauthorized remote user access to execute arbitrary SQL commands on the database. This vulnerability could potentially expose sensitive data and compromise the integrity of the system. It is crucial for users of this system to apply immediate patches or mitigation strategies as the exploit has already been disclosed publicly, making systems that are not updated perilous to security threats.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T04:00:07.000Z,true,false,false,,2024-07-31T05:00:07.331Z,0
CVE-2024-7287,https://securityvulnerability.io/vulnerability/CVE-2024-7287,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0, specifically within the /manage_user.php file. The flaw arises from improper handling of user-supplied data in the 'id' argument, which allows attackers to perform SQL injection attacks remotely. This manipulation can lead to unauthorized access to sensitive data and may enable attackers to execute arbitrary SQL commands. Given the public disclosure of this exploit, it is crucial for users of this system to take immediate action to secure their applications against potential attacks. For reference and detailed information, please refer to VDB-273156.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T03:31:04.000Z,true,false,false,,2024-07-31T04:31:04.244Z,0
CVE-2024-7286,https://securityvulnerability.io/vulnerability/CVE-2024-7286,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A significant security flaw has been identified in the SourceCodester Establishment Billing Management System 1.0, where a SQL injection vulnerability exists within the login functionality located at /admin/ajax.php?action=login. This vulnerability allows remote attackers to manipulate the username input, potentially leading to unauthorized database access. Such an exploit may allow attackers to view, modify, or delete sensitive data within the database. The publicly disclosed nature of this vulnerability elevates the urgency for users to apply necessary patches or implement mitigation strategies swiftly to safeguard their systems against potential exploit attempts. Users are encouraged to review their system configurations and ensure that adequate security measures are in place to prevent such SQL injection attacks.",Sourcecodester,Establishment Billing Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-07-31T03:00:08.000Z,true,false,false,,2024-07-31T04:00:08.887Z,0
CVE-2024-7285,https://securityvulnerability.io/vulnerability/CVE-2024-7285,SourceCodester Billing Management System Vulnerable to Cross-Site Scripting,A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability.,Sourcecodester,Establishment Billing Management System,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-07-31T02:31:04.000Z,true,false,false,,2024-07-31T03:31:04.494Z,0
CVE-2023-2689,https://securityvulnerability.io/vulnerability/CVE-2023-2689,SourceCodester Billing Management System GET Parameter editproduct.php sql injection,"A vulnerability affecting the SourceCodester Billing Management System version 1.0 has been identified, allowing SQL injection through manipulation of the 'id' parameter in the editproduct.php file. This flaw enables an attacker to execute arbitrary SQL queries, which may lead to unauthorized access to sensitive data. The vulnerability can be exploited remotely, raising potential risks for data integrity and confidentiality. The exploit details are publicly disclosed, highlighting the urgency for users to apply security measures.",SourceCodester,Billing Management System,8.8,HIGH,0.007780000101774931,false,,false,false,false,,,false,false,,2023-05-14T08:15:00.000Z,0
CVE-2023-2595,https://securityvulnerability.io/vulnerability/CVE-2023-2595,SourceCodester Billing Management System POST Parameter ajax_service.php sql injection,"A vulnerability in the SourceCodester Billing Management System exposes the ajax_service.php file to SQL injection via improper handling of the 'drop_services' parameter. This weakness allows attackers to execute unauthorized SQL commands, potentially compromising sensitive data. The attack can be executed remotely, increasing the risk of exploitation. Awareness and timely remediation are essential, especially since the details of this vulnerability have been made public.",SourceCodester,Billing Management System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-09T13:15:00.000Z,0