CVE-2024-7936

EUVD-2024-48776
A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
project_expense_monitoring_system_projectproject_expense_monitoring_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/DeepMountains/zzz/blob/main/CVE3-4.md
https://vuldb.com/?ctiid.275121
https://vuldb.com/?id.275121
https://vuldb.com/?submit.392948