CVE-2024-22628 | Budget and Expense Tracker System 1.0 date_end sql injection

Posted by Angelo Barbosa | Jan 16, 2024 | CVE

A vulnerability was found in Budget and Expense Tracker System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /expense_budget/admin/?page=reports/budget&date_start=2023-12-28. The manipulation of the argument date_end leads to sql injection.

This vulnerability was named CVE-2024-22628. The attack needs to be done within the local network. There is no exploit available.

CVE-2024-22628 | Budget and Expense Tracker System 1.0 date_end sql injection

Related Posts

CVE-2024-9802 | Open Mainframe Project Zowe up to 2.16.x Conformance Validation Endpoint information disclosure

CVE-2024-34467 | ThinkPHP 8.0.3 Cookie think_exception.tpl PHPSESSION information exposure (Issue 2996)

CVE-2024-32544 | Netgsm Plugin up to 2.8 on WordPress cross site scripting

CVE-2024-3222 | SourceCodester PHP Task Management System 1.0 admin-password-change.php admin_id sql injection