Skip to main content

Billing System

10 CVEs product

Monthly

CVE-2025-65380 MEDIUM This Month

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65379 MEDIUM This Month

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-7913 MEDIUM POC This Month

A vulnerability was found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7839 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-37872 HIGH POC This Week

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-37849 CRITICAL POC Act Now

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-43215 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43214 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41504 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-41498 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
EPSS 0% CVSS 6.5
MEDIUM This Month

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

PHP SQLi Billing System
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

PHP SQLi Billing System
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH POC This Week

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy