cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7308,https://securityvulnerability.io/vulnerability/CVE-2024-7308,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A severe SQL Injection vulnerability exists in the SourceCodester Establishment Billing Management System 1.0, specifically within the /view_bill.php file. This vulnerability allows an attacker to manipulate the 'id' parameter, leading to potential unauthorized access to sensitive database information. The exploit can be executed remotely, making it particularly dangerous as it requires minimal interaction from the attacker. It is crucial for users of the affected product to implement immediate security measures to protect against possible exploitation. For more details, refer to the following resources: [VDB-273200](https://vuldb.com/?id.273200), which provides a technical description, or [third-party advisory](https://vuldb.com/?submit.382329) on the matter.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T08:00:06.000Z,true,false,false,,2024-07-31T09:00:06.811Z,0
CVE-2024-7307,https://securityvulnerability.io/vulnerability/CVE-2024-7307,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical SQL injection vulnerability exists within the SourceCodester Establishment Billing Management System version 1.0, found specifically in the /manage_billing.php file. The flaw lies in the improper handling of the 'id' parameter, allowing attackers to manipulate SQL queries and execute arbitrary SQL code remotely. This exploitation may lead to unauthorized data access, data corruption, or loss. With the vulnerability being publicly disclosed, immediate attention is required to mitigate the risks associated with potential data breaches and to protect sensitive information handled by the affected billing management system.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T07:31:04.000Z,true,false,false,,2024-07-31T08:31:04.295Z,0
CVE-2024-7306,https://securityvulnerability.io/vulnerability/CVE-2024-7306,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0. This vulnerability arises from improper handling of the 'id' argument in the /manage_block.php file, allowing attackers to execute arbitrary SQL commands via remote requests. Given its nature, the exploit is highly concerning, as it may lead to unauthorized access to sensitive data and further exploitation of backend databases. Security professionals and users of the affected product must take immediate action to mitigate potential risks.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T07:00:07.000Z,true,false,false,,2024-07-31T08:00:07.508Z,0
CVE-2024-7290,https://securityvulnerability.io/vulnerability/CVE-2024-7290,Billing Management System Vulnerable to SQL Injection Attacks,"A significant SQL injection vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0, specifically in the manage_tenant.php file. This vulnerability allows attackers to manipulate the 'id' parameter, potentially enabling unauthorized access to the system's database. The exploit can be executed remotely, presenting a serious security risk. Given that this vulnerability has been publicly disclosed, immediate actions are recommended to address and mitigate potential exploitation.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T05:00:07.000Z,true,false,false,,2024-07-31T06:00:07.320Z,0
CVE-2024-7289,https://securityvulnerability.io/vulnerability/CVE-2024-7289,SQL Injection Vulnerability Affects SourceCodester System,"A vulnerability exists within the SourceCodester Establishment Billing Management System version 1.0, specifically in the /manage_payment.php file, where the 'id' argument can be manipulated. This leads to an SQL injection flaw, allowing attackers to execute malicious SQL queries. Since this issue can be exploited remotely, it poses a significant risk to user data and system integrity. The exploit has been disclosed publicly, heightening the urgency for organizations using the affected system to implement security measures as soon as possible.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T04:31:04.000Z,true,false,false,,2024-07-31T05:31:04.491Z,0
CVE-2024-7288,https://securityvulnerability.io/vulnerability/CVE-2024-7288,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0. The issue arises from an insecure implementation in the /ajax.php?action=delete_block functionality, where the manipulation of the 'id' parameter allows unauthorized remote user access to execute arbitrary SQL commands on the database. This vulnerability could potentially expose sensitive data and compromise the integrity of the system. It is crucial for users of this system to apply immediate patches or mitigation strategies as the exploit has already been disclosed publicly, making systems that are not updated perilous to security threats.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T04:00:07.000Z,true,false,false,,2024-07-31T05:00:07.331Z,0
CVE-2024-7287,https://securityvulnerability.io/vulnerability/CVE-2024-7287,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A critical vulnerability has been identified in the SourceCodester Establishment Billing Management System version 1.0, specifically within the /manage_user.php file. The flaw arises from improper handling of user-supplied data in the 'id' argument, which allows attackers to perform SQL injection attacks remotely. This manipulation can lead to unauthorized access to sensitive data and may enable attackers to execute arbitrary SQL commands. Given the public disclosure of this exploit, it is crucial for users of this system to take immediate action to secure their applications against potential attacks. For reference and detailed information, please refer to VDB-273156.",Sourcecodester,Establishment Billing Management System,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-07-31T03:31:04.000Z,true,false,false,,2024-07-31T04:31:04.244Z,0
CVE-2024-7286,https://securityvulnerability.io/vulnerability/CVE-2024-7286,SQL Injection Vulnerability in SourceCodester Establishment Billing Management System,"A significant security flaw has been identified in the SourceCodester Establishment Billing Management System 1.0, where a SQL injection vulnerability exists within the login functionality located at /admin/ajax.php?action=login. This vulnerability allows remote attackers to manipulate the username input, potentially leading to unauthorized database access. Such an exploit may allow attackers to view, modify, or delete sensitive data within the database. The publicly disclosed nature of this vulnerability elevates the urgency for users to apply necessary patches or implement mitigation strategies swiftly to safeguard their systems against potential exploit attempts. Users are encouraged to review their system configurations and ensure that adequate security measures are in place to prevent such SQL injection attacks.",Sourcecodester,Establishment Billing Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-07-31T03:00:08.000Z,true,false,false,,2024-07-31T04:00:08.887Z,0
CVE-2024-7285,https://securityvulnerability.io/vulnerability/CVE-2024-7285,SourceCodester Billing Management System Vulnerable to Cross-Site Scripting,A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability.,Sourcecodester,Establishment Billing Management System,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-07-31T02:31:04.000Z,true,false,false,,2024-07-31T03:31:04.494Z,0