CVE-2023-49665

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
04/01/2024
Last modified:
10/01/2024

Description

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*