A vulnerability was found in Budget and Expense Tracker System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /expense_budget/admin/?page=reports/budget&date_start=2023-12-28. The manipulation of the argument date_end leads to sql injection.
This vulnerability was named CVE-2024-22628. The attack needs to be done within the local network. There is no exploit available.