Insurance Management System

3 CVEs product

Monthly

CVE-2025-8135 LOW POC Monitor

SQL injection in itsourcecode Insurance Management System 1.0 allows authenticated remote attackers to manipulate the agent_id parameter in /updateAgent.php, enabling unauthorized database queries with limited confidentiality and integrity impact. Although the metadata classifies the issue as critical, the CVSS 4.0 vector shows low severity (score 2.1) because exploitation requires prior authentication and has restricted scope. Public exploit code is available, though the EPSS score of 0.06% (20th percentile) suggests minimal real-world exploitation likelihood.

PHP SQLi Insurance Management System
NVD GitHub VulDB
CVSS 4.0: 2.1
EPSS: 0.1%

CVE-2025-7905 LOW POC Monitor

SQL injection in itsourcecode Insurance Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the recipt_no parameter in /insertPayment.php, resulting in limited confidentiality and integrity impact. The vulnerability requires valid user credentials (PR:L) and carries a low CVSS score of 2.1 despite being classified critical by the discoverer. Exploit code is publicly available and has been disclosed, though no active widespread exploitation has been reported.

PHP SQLi Insurance Management System
NVD GitHub VulDB
CVSS 4.0: 2.1
EPSS: 0.1%

CVE-2025-7904 LOW POC Monitor

SQL injection in itsourcecode Insurance Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the nominee_id parameter in /insertNominee.php, resulting in limited confidentiality and integrity impact. Publicly available exploit code exists, though EPSS scoring (0.09th percentile) suggests minimal real-world exploitation likelihood despite the critical classification and public disclosure.

PHP SQLi Insurance Management System
NVD GitHub VulDB
CVSS 4.0: 2.1
EPSS: 0.1%