CVE-2024-22628 | Budget and Expense Tracker System 1.0 date_end sql injection

Posted by Angelo Barbosa | Jan 16, 2024 | CVE

A vulnerability was found in Budget and Expense Tracker System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /expense_budget/admin/?page=reports/budget&date_start=2023-12-28. The manipulation of the argument date_end leads to sql injection.

This vulnerability was named CVE-2024-22628. The attack needs to be done within the local network. There is no exploit available.

CVE-2024-22628 | Budget and Expense Tracker System 1.0 date_end sql injection

Related Posts

CVE-2024-6061 | GPAC 2.5-DEV-rev228-g11067ea92-master MP4Box isoffin_read.c isoffin_process infinite loop (Issue 2871)

CVE-2024-40913 | Linux Kernel up to 6.1.94/6.6.34/6.9.5 cachefiles copy_to_user reference count

CVE-2024-45962 | October CMS up to 3.6.30 PDF File cross site scripting

CVE-2024-21919 | Rockwell Automation Arena Simulation up to 16.20.02 uninitialized pointer